American Water, the biggest publicly traded U.S. water and wastewater utility firm, was compelled to close down a few of its programs after a Thursday cyberattack.
In a submitting with the U.S. Securities and Trade Fee (SEC), American Water stated it has already employed third-party cybersecurity specialists to assist comprise and assess the incident’s affect. It additionally reported the breach to legislation enforcement and is now coordinating their efforts in a joint and ongoing investigation.
“The Company has taken and will continue to take steps to protect its systems and data, including disconnecting or deactivating certain of its systems,” the 8-Okay regulatory submitting reads.
As American Water stated in a separate assertion on its web site, the assault additionally compelled it to close down its on-line buyer portal service, MyWater, and pause billing companies.
Nevertheless, firm spokesperson Ruben Rodriguez informed BleepingComputer that there “will be no late charges for customers while these systems are unavailable.”
“Our dedicated team of professionals are working around the clock to investigate the nature and scope of the incident,” Rodriguez added. “The Company currently believes that none of its water or wastewater facilities or operations have been negatively impacted by this incident.”
American Water has over 6,500 staff and supplies water and wastewater companies to over 14 million folks in 14 states and on 18 navy installations.
This incident follows an identical one which impacted the water therapy facility of Arkansas Metropolis, Kansas, which was compelled to modify to guide operations after a weekend cyberattack.
These incidents come after a TLP:AMBER advisory warning Russian-linked cyberattacks focusing on the water sector, issued by the Water Data Sharing and Evaluation Heart (WaterISAC), a nonprofit group that helps shield water utilities from cyber threats.
For example, Chinese language-backed Volt Hurricane hackers infiltrated the networks of ingesting water programs in February, whereas Iranian risk actors breached a Pennsylvania water facility in November 2023.
The U.S. Environmental Safety Company (EPA) has additionally lately issued steerage to help water and wastewater programs (WWSs) homeowners and operators in evaluating their cybersecurity practices and figuring out measures to scale back their assault publicity.
