American Water Faces Cyberattack, Shuts Down Key Systems
American Water, the largest water utility in the U.S., recently disclosed that it was targeted by a cyberattack. Based in Camden, New Jersey, the company announced on its website that it detected "unauthorized activity in our computer networks and systems" last Thursday, which it has determined to be the result of a cybersecurity incident.
In response, American Water has shut down its customer service portal and suspended billing functions “until further notice.” The company has assured customers that no late fees will be charged while these systems are down.
The rise in cyberattacks on major U.S. companies has created significant disruptions for consumers and businesses alike. For example, a recent hack on UnitedHealth caused nationwide issues for patients needing prescriptions and healthcare providers seeking payment for services.
Attacks specifically targeting U.S. water infrastructure have become increasingly common, with some linked to geopolitical adversaries such as Iran, Russia, and China. As cybercriminals prioritize disruptions to critical national infrastructure, an EPA spokesman recently noted, “All drinking water and wastewater systems are at risk—large and small, urban and rural.”
American Water provides drinking water and wastewater services to over 14 million people across 14 states and 18 military installations. The threat is underscored by a recent Russian-linked attack on a water filtration plant in Muleshoe, Texas, located near a U.S. Air Force base. Adam Isles, head of cybersecurity practice at the Chertoff Group, pointed out that “water systems are among the least mature in terms of security.”
In February, the FBI warned Congress that Chinese hackers had deeply infiltrated U.S. cyber infrastructure, targeting water treatment facilities, electrical grids, and other critical systems.
American Water stated that it remains early in the investigation and currently believes no water or wastewater facilities have been impacted, assuring customers that drinking water remains safe. Law enforcement and third-party cybersecurity experts are now involved in assessing the situation.
The Environmental Protection Agency (EPA) recently issued an alert noting that about 70% of the water systems it inspected do not fully comply with the Safe Drinking Water Act, highlighting alarming cybersecurity vulnerabilities such as outdated passwords and former employees retaining system access.
American Water first learned of the unauthorized access on October 3 and swiftly identified it as a cyberattack. The decision to disable customer systems was made to protect data, although the company has stated it is too soon to determine if any customer information has been compromised.
As of now, American Water has not provided additional comments beyond the official security statement.
Source cnbc.com
No comments:
Post a Comment