American Water Works cyberattack: Water supplier says its systems were hacked
The largest supplier of drinking water and wastewater services in the U.S. is the latest target to be hit by hackers. American Water Works, which provides drinking water and wastewater services to more than 14 million people in 14 states and on 18 military installations, said hackers breached its computer networks and systems on Thursday. Taking protective steps after becoming aware of the unauthorized activity, including shutting down certain systems, the New Jersey-based utility does not believe its facility or operations were impacted by the cybersecurity incident. However, it is “currently unable to predict the full impact,” it stated in a regulatory filing. An American Water Works spokesperson told CBS News in an email, “In an effort to protect our customers’ data and to prevent any further harm to our environment, we disconnected or deactivated certain systems. There will be no late charges for customers while these systems are unavailable.” They added that the company is “working around the clock to investigate the nature and scope of the incident.” The company said law enforcement has been notified and they are cooperating with them. Just earlier this year, the Environmental Protection Agency Administrator Michael Regan and National Security Advisor Jake Sullivan warned in a letter to state governors that drinking water and wastewater systems are an attractive target for cyberattacks. This is because they “often lack the resources and technical capacity to adopt rigorous cybersecurity practices,” they wrote. However, it is not just the water services that are under attack. The number of reported data breaches in the U.S. hit a record 3,205 in 2023, up 78% from 2022, according to the nonprofit Identity Theft Resource Center. At the same time, organizations spent an estimated $188 billion globally on cybersecurity in 2023. That figure is expected to hit almost $215 billion in 2024. Whether these efforts will pay off is yet to be seen.
The largest supplier of drinking water and wastewater services in the U.S. is the latest target to be hit by hackers.
American Water Works, which provides drinking water and wastewater services to more than 14 million people in 14 states and on 18 military installations, said hackers breached its computer networks and systems on Thursday.
Taking protective steps after becoming aware of the unauthorized activity, including shutting down certain systems, the New Jersey-based utility does not believe its facility or operations were impacted by the cybersecurity incident. However, it is “currently unable to predict the full impact,” it stated in a regulatory filing.
An American Water Works spokesperson told CBS News in an email, “In an effort to protect our customers’ data and to prevent any further harm to our environment, we disconnected or deactivated certain systems. There will be no late charges for customers while these systems are unavailable.” They added that the company is “working around the clock to investigate the nature and scope of the incident.”
The company said law enforcement has been notified and they are cooperating with them. Just earlier this year, the Environmental Protection Agency Administrator Michael Regan and National Security Advisor Jake Sullivan warned in a letter to state governors that drinking water and wastewater systems are an attractive target for cyberattacks. This is because they “often lack the resources and technical capacity to adopt rigorous cybersecurity practices,” they wrote.
However, it is not just the water services that are under attack. The number of reported data breaches in the U.S. hit a record 3,205 in 2023, up 78% from 2022, according to the nonprofit Identity Theft Resource Center. At the same time, organizations spent an estimated $188 billion globally on cybersecurity in 2023. That figure is expected to hit almost $215 billion in 2024. Whether these efforts will pay off is yet to be seen.