U.S. utility giant American Water announced last week that it discovered hackers had infiltrated its internal network and that it had disconnected some systems.
American Water, which provides drinking water and wastewater services to more than 14 million people across the United States, acknowledged the security incident in an 8-K regulatory filing with the U.S. Securities and Exchange Commission on Monday.
The New Jersey-based company said in the filing that its water and wastewater facilities are unaffected “at this time” and continue to operate without interruption, but that “there is no immediate response to this incident” at this time and that it is not possible to fully predict the impact. American Water said it also reported the break-in to law enforcement.
The company announced that it discovered “unauthorized activity” within its network on October 3 and took steps to immediately disconnect affected systems. “We are suspending billing until further notice,” American Water said in a statement on its website.
“To protect our customers' data and prevent further damage to the environment, we have disconnected or disabled certain systems,” American Water spokesperson Ruben E. Rodriguez told TechCrunch in a statement. “Customers will not be charged late fees while these systems are unavailable.”
Rodriguez declined to say which systems were unavailable or comment on the nature of the cybersecurity incident.
“Our dedicated team of experts is working around the clock to investigate the nature and scope of the incident,” Rodriguez said.
The ongoing incident at American Water comes amid growing warnings from the U.S. government that state-sponsored hackers are increasingly targeting America's water infrastructure.
In February, a coalition of U.S. intelligence agencies, including the National Security Agency, the U.S. cybersecurity agency CISA, and the FBI, warned that a China-based state-sponsored hacker group had breached multiple critical infrastructure systems, including U.S. water and wastewater systems.
The group, known as Volt Typhoon, exploited vulnerabilities in routers, firewalls and VPNs to infiltrate networks, authorities warned. In some cases, the Chinese-backed hackers have maintained access to these networks for “at least five years” with the goal of disrupting operational technology in the event of a major conflict or crisis between the United States and China.
The warning came after U.S. cybersecurity officials said in late 2023 that Iran-linked hacker groups were “actively targeting and compromising multiple U.S. water and wastewater system facilities that rely on certain Israeli computer systems.”