American Water hit by cyberattack

American Water Works Company, the largest public water and wastewater utility in the U.S., confirmed it suffered a cyberattack on October 3, 2024, which led to parts of its infrastructure being shut down. In an 8-K filing with the Securities and Exchange Commission (SEC), the company reported unauthorized activity in its computer networks, prompting the activation of incident response protocols. Third-party cybersecurity experts were brought in to assist, and law enforcement was notified.

Though American Water has not confirmed the exact nature of the cyberattack, there is speculation that it could be a ransomware attack, a common reason companies disconnect systems. However, the company has not explicitly stated this. To prevent further damage, it deactivated certain systems but assured customers that water and wastewater operations were not affected. Additionally, no late fees will be applied while the systems are down.

The company is still investigating the full scope and impact of the incident, and it has emphasized the importance of securing customer data and the environment. This situation highlights the vulnerability of critical infrastructure to cyberattacks, especially in sectors essential to public health and safety.