American Water, the largest regulated water and wastewater utility in the US, has reported a cybersecurity incident that led to the shutdown of its customer portal and the temporary suspension of billing services.
The New Jersey-based company, which serves over 14 million people across 24 states and 18 military installations, assured customers that its water and wastewater operations remain unaffected and that the water is safe to drink.
There’s not much technical details about the breach, which occurred on October 3. In response, American Water quickly deactivated certain systems, including its online customer portal, to mitigate the impact.
The company said that its core operations, particularly the safety of water and wastewater services, were not compromised.
The incident follows a similar attack that recently hit Arkansas City's water treatment facility in Kansas, forcing the utility to shift to manual operations temporarily.
Last month, the US Cybersecurity and Infrastructure Security Agency (CISA) released a warning that threat actors are actively attempting to breach systems associated with critical infrastructure, specifically mentioning water and wastewater systems (WWS).
In the past months, several other state-sponsored threat groups have also targeted water infrastructure, including the China-linked Volt Typhoon, Russian state-sponsored actors, and Iranian hacker groups.
