Image Alliance | Image Alliance | Getty Images
american water utilityThe largest water company in the United States has revealed that it has been hit by a cyber attack.
The Camden, New Jersey-based company said Security statement on its website Last Thursday, it learned of “unauthorized activity on our computer network and systems” and determined it was “the result of a cybersecurity incident.”
The company said Tuesday that it closed its customer service portal and therefore its billing functionality “until further notice” and that it will not charge any late fees or other billing-related fees as long as the system is closed.
Some recent hacking attacks on major U.S. companies have paralyzed critical online systems, causing chaos for consumers and businesses, such as UnitedHealth hack This has led to difficulties nationwide for patients needing prescriptions filled and health care professionals needing to pay for services.
In particular, there has been an increase in hacking attacks on U.S. water infrastructure, some of which have been linked to U.S. geopolitical rivals, including Iran, Russia and China.
Destroying critical national infrastructure has become a top priority for foreign-linked cybercriminals. “All drinking water and wastewater systems—large or small, urban or rural—are at risk,” an EPA spokesperson recently told CNBC.
American Water provides drinking water and wastewater services to more than 14 million people, with regulated operations in 14 states and 18 military installations.
Most recently, in January, a water filtration plant located near a U.S. Air Force base in the small town of Muleshoe, Texas, suffered a hacker attack linked to Russia. “Water is one of the least mature areas when it comes to security,” Adam Isles, director of the Chertoff Group’s cybersecurity practice, recently told CNBC.
The FBI warned Congress in February that Chinese hackers have penetrated deeply into U.S. network infrastructure and are trying to cause damage to water treatment plans, power grids, transportation systems and other critical infrastructure.
American Water said the investigation is still in its early stages and “it is currently believed” that there were no impacts to water or wastewater treatment facilities or operations and that the water remains safe to drink.
The company said law enforcement and third-party cybersecurity experts are now involved.
American Water did not immediately respond to a request for additional comment.
A rising wave of cybercrimes targeting critical water infrastructure has led the Environmental Protection Agency to issue an enforcement alert, warning that 70 percent of the water systems it inspects do not fully comply with the requirements of the Safe Drinking Water Act. EPA says some “have not quantified exact numbers”Shocking cyber security breach” — Default passwords that have not been updated, vulnerable single sign-on settings, and former employees retaining access to the system.
American Water said it first learned of the unauthorized computer access on Oct. 3 and later determined it was a cyber attack. The company said the purpose of shutting down customer systems was to protect data, but added it was too early to tell whether any customer information was at risk.
An American Water spokesman declined to comment beyond the official safety statement.
About The Author
