American Water Works Reports Cyberattack on IT Systems, OT Systems Unaffected

American Water Works, a major provider of water and wastewater services in 14 states, has reported a cyberattack on its IT systems. The company stated that its OT systems were unaffected by the breach, but it has taken precautionary measures to protect customer data and prevent further harm to the environment.

In response to the incident, American Water Works has paused billing and limited call center services. The company reassured customers that the water remains safe to drink, but it will take time to determine if any customer data was compromised in the breach.

The cyberattack, which was discovered on Oct. 3, prompted American Water Works to activate its incident response protocols and engage third-party cybersecurity experts to investigate the nature and scope of the incident. While the company did not specify the nature of the attack, cybersecurity analysts speculate that it may have been a ransomware attack.

This incident comes on the heels of a similar attack in Kansas and a recent report calling for greater EPA protections for water utilities. Cyble researchers have highlighted the growing cyber threats facing water utilities, emphasizing the need for robust security measures to protect critical infrastructure and public health.

As American Water Works works to bring its systems back online safely and securely, the incident serves as a reminder of the increasing vulnerabilities faced by water systems across the country. With recommendations for strengthening security measures, including network segmentation and hardening human-machine interfaces, the industry must prioritize cybersecurity to safeguard essential services for communities nationwide.