Cybersecurity Incident Hits America's Largest Regulated Water & Wastewater Utility Firm
The largest regulated water and wastewater utility company in the United States revealed in a filing published on the SEC's website that it has discovered a cybersecurity breach on its computer networks and systems.
New Jersey-based American Water Works wrote in the filing that last Thursday, it "learned of unauthorized activity within its computer networks and systems, which the Company determined to be the result of a cybersecurity incident."
"Upon learning of this activity, the Company immediately activated its incident response protocols and third-party cybersecurity experts to assist with containment and mitigation activities and to investigate the nature and scope of the incident," American Water said.
It noted, "The Company has taken and will continue to take steps to protect its systems and data, including disconnecting or deactivating certain of its systems."
So far, the company "currently believes that none of its water or wastewater facilities or operations have been negatively impacted by this incident." However, it pointed out, "The company is currently unable to predict the full impact of this incident" but "does not expect the incident will have a material effect on the Company, or its financial condition or results of operations."
American Water stated on its website that it provides drinking water and wastewater services to more than 14 million people with regulated operations in 14 states and on 18 military installations.
This year, there has been an increase in foreign hackers targeting critical US infrastructure, from transportation to food supply to health care to communications.
On Sunday, NBC News quoted the director of the National Security Agency, who said an investigation had been underway following a recent cyber incident involving Chinese hackers who gained access to at least three telecommunication companies: AT&T, Verizon, and Lumen Technologies.
America's critical infrastructure is owned by much of the private sector and remains ripe for ransomware attacks. The risks of a cyber event bringing down part of the grid remain an elevated concern.