American Water, the largest regulated water and wastewater utility company in the United States, was the victim of a cybersecurity breach last week.
The Camden, NJ, company revealed the hack on Monday after identifying issues a few days earlier and notifying law enforcement. According to a regulatory filing, the full impact of the breach is still unknown, as the company is “currently unable to predict the full impact of this incident.”
Videos by VICE
American Water serves 14 million people across 24 states—that’s a lot of customer data, potentially. The company believes none of its facilities or operations have been impacted, but it shut down its billing system until further notice. There won’t be any late charges during the pause.
“We take the cybersecurity of our systems with utmost seriousness and are taking additional steps to strengthen the cybersecurity of American Water’s systems,” the company said in a statement. “Our customers and the data we maintain remain our highest priorities.”
Again, no water service has been affected. The company has said it’s safe to drink its water. They confirmed this in a statement to calm the fears of those who wondered if the attack had made its way into the water.
Several cyberattacks have targeted water utilities and infrastructure in the United States. In 2021, a hacker attempted to poison the water supply in Oldsmar, Florida, by remotely accessing the water treatment plant’s computer system and increasing the amount of sodium hydroxide. Last year, an Iran-linked group targeted multiple U.S. facilities for using an Israeli-made computer system.
It remains unknown who or what was behind the American Water attack. The company has operated for over 130 years and remains the only water utility company to appear on the Dow Jones Utility Average.
