American Water Works hit by cyberattack, customer portal and billing systems taken offline
American Water Works Co. Inc., the largest regulated water and wastewater utility company in the U.S., has suffered from a cyberattack that has affected its customer portal and billing services.
First disclosed in a regulatory filing, the company described the attack as “unauthorized activity within its computer networks and systems,” which they subsequently learned was the “result of a cybersecurity incident.” American Water Works then subsequently activated its incidence response plan, hired third-party cybersecurity experts and contacted law enforcement.
“The Company has taken and will continue to take steps to protect its systems and data, including disconnecting or deactivating certain of its systems,” American Water Works added in the filing. “The Company currently believes that none of its water or wastewater facilities or operations have been negatively impacted by this incident.”
A spokesperson for American Water Works told CBS News that the company had “disconnected or deactivated certain systems” and that “there will be no late charges for customers while these systems are unavailable.”
While the form of cyberattack was not disclosed, the ransomware duck test comes into play. If it looks like ransomware and sounds like ransomware it usually is. That American Water Works chose to disconnect systems would indicate that they were attempting to stop an attack — likely ransomware — from spreading laterally through its internal network.
While cyberattacks on utility providers such as Amercian Water Works are becoming commonplace, they present a larger risk than just systems being taken offline.
“We often overlook how vulnerable our everyday essentials are to digital threats. We’re not just talking about data breaches — this is about the safety of millions of people who rely on clean water every day,” Akhil Mittal, senior manager of Cybersecurity Strategy and Solutions at application security software provider Black Duck Software Inc., told SiliconANGLE via email. “A cyber incident like this could disrupt water services, delay safety checks and potentially risk public health.”
Mittal added that the focus now should be on quick action: containing the attack, getting the system back online and being transparent with the public. “As more essential services go digital, cybersecurity needs to be built into the infrastructure from the start, not bolted on later,” he said.
Image: SiliconANGLE/Ideogram
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU