Kate Gibson reports:
American Water Works — a supplier of drinking water and wastewater services to more than 14 million people — on Monday said hackers had breached its computer networks and systems, prompting it to pause billing to customers.
The Camden, New Jersey-based utility became aware of the unauthorized activity on Thursday, and took protective steps, including shutting down certain systems, American Water Works stated in a regulatory filing. The company does not believe its facilities or operations were impacted by the cybersecurity incident, but is “currently unable to predict the full impact,” it stated.
Read more at CBS News.
From their SEC Filing:
Discovery of and Response to Cybersecurity Incident
On October 3, 2024, American Water Works Company, Inc. (the “Company”) learned of unauthorized activity within its computer networks and systems, which the Company determined to be the result of a cybersecurity incident. Upon learning of this activity, the Company immediately activated its incident response protocols and third-party cybersecurity experts to assist with containment and mitigation activities and to investigate the nature and scope of the incident. The Company also promptly notified law enforcement and is coordinating fully with them. The Company has taken and will continue to take steps to protect its systems and data, including disconnecting or deactivating certain of its systems. The Company currently believes that none of its water or wastewater facilities or operations have been negatively impacted by this incident. Although the Company is currently unable to predict the full impact of this incident, the Company does not expect the incident will have a material effect on the Company, or its financial condition or results of operations.
A check of ransomware leak sites this morning did not find any listing for American Water Works, so it is not yet clear whether this is a ransomware situation or not.