American Water, the largest regulated water and wastewater utility company in the United States, disclosed on Monday that it was the target of a cyberattack, forcing the company to halt its billing services while it investigates the breach. The New Jersey-based utility, which serves over 14 million people across 14 states and 18 military installations, reported that it discovered the unauthorized activity last Thursday and immediately took steps to secure its systems.
The company acted swiftly to address the breach, shutting down certain systems to safeguard customer data and limit potential damage. In a statement, American Water said that it does not believe the attack compromised its water facilities or disrupted its operations. "We are working around the clock to investigate the nature and scope of the incident," an American Water spokesperson told CBS News. "In an effort to protect our customers' data and to prevent any further harm to our environment, we disconnected or deactivated certain systems."
As the investigation continues, the company has assured its customers that there will be no late charges while the billing systems remain offline. American Water also stated that it has notified law enforcement and is fully cooperating with authorities in the ongoing probe. Despite the rapid response, the full extent of the cybersecurity breach and its long-term impact on the company's operations remain unclear.
American Water, headquartered in Camden, New Jersey, operates more than 500 water and wastewater systems in approximately 1,700 communities, spanning states like California, Georgia, Hawaii, Illinois, Indiana, Iowa, Kentucky, Maryland, Missouri, Pennsylvania, Tennessee, Virginia, and West Virginia. As the nation's largest water utility, the company plays a critical role in providing essential services to millions of Americans.
The company's swift reaction to the cyberattack comes amid growing concerns about the vulnerability of U.S. infrastructure to cyber threats. Recent reports have linked a series of cyber intrusions targeting U.S. critical infrastructure, including water treatment facilities, to alleged actions by Chinese intelligence officers. These concerns have heightened the urgency for companies like American Water to fortify their digital defenses against state-sponsored cyber threats.
In response to the breach, American Water's shares dropped by 3.9%, closing at $136.99 on Monday. This decline brought the company's market capitalization down to $26.69 billion. The company did not immediately provide a timeline for when it expects its billing systems to be back online or when it would have a clearer understanding of the breach's impact on its operations and customer data.
John Joyce, a cybersecurity expert, noted that attacks on water utilities pose significant risks due to the essential nature of their services. "Utilities like American Water are prime targets for cyber attackers because disrupting their operations can have widespread implications," Joyce said. He emphasized the need for such companies to continually update their cybersecurity protocols in response to evolving threats.
