At the time of increasing threats to the U.S. water supply, American Water, the largest water utility, was targeted by a cyberattack.

• The largest water utility in the U.S., American Water, disclosed that it had been the target of a cyberattack and was forced to shut down certain systems, including billing.
• Water system hacks in the U.S. have been increasing and have been linked to adversaries of the U.S., including Russia, Iran, and China.
• The American Water cybersecurity investigation, which now involves law enforcement and outside experts, is still in its initial stage, and no specific cause or threat actor has been identified, according to the company's web site security statement.

A cyberattack targeted the largest water utility in the U.S.

The company based in Camden, New Jersey announced on its website that it discovered "unauthorized activity in our computer networks and systems" on Thursday, which it determined to be the result of a cybersecurity incident.

The company announced on Tuesday that it has temporarily suspended its customer service portal and billing function "until further notice." As a result, the company will not impose any late fees or other fees related to billing while the system is down.

The recent hacks of major U.S. companies have resulted in the disruption of key online systems, causing inconvenience for consumers and businesses alike. For instance, the hack of UnitedHealth caused difficulties for patients in obtaining prescriptions and for healthcare professionals in receiving payment for their services.

Attacks on U.S. water infrastructure have been on the rise, with some of the perpetrators being identified as geopolitical rivals of the U.S., such as Iran, Russia, and China.

Foreign-linked cybercriminals are increasingly targeting critical national infrastructure, including drinking water and wastewater systems, according to an EPA spokesman.

Over 14 million individuals receive drinking water and wastewater services from American Water, which operates in 14 states and on 18 military installations under regulation.

Recently, a Russian-linked hack targeted a water filtration plant in Muleshoe, Texas, which was situated near a U.S. Air Force base. Adam Isles, the head of cybersecurity practice for Chertoff Group, stated that water is the least mature in terms of security, as he recently shared this with CNBC.

In February, the FBI informed Congress that Chinese hackers had infiltrated the United States' cyber infrastructure with the intention of causing harm, specifically targeting water treatment facilities, the electrical grid, transportation systems, and other critical infrastructure.

According to America Water, the investigation is ongoing, and currently, it is believed that no water or wastewater facilities or operations have been affected, and water remains safe to drink.

Law enforcement and third-party cybersecurity experts are now involved, the company said.

American Water did not immediately respond to a request for additional comment.

The Environmental Protection Agency issued an enforcement alert warning that 70% of water systems it inspected do not fully comply with requirements in the Safe Drinking Water Act due to rising cybercrime targeting key water infrastructure. The EPA did not provide an exact number but stated that some systems have "alarming cybersecurity vulnerabilities," including default passwords that have not been updated, vulnerable single login setups, and former employees who retained systems access.

American Water first learned of the unauthorized computer access on October 3 and determined it was a cyberattack. The company turned off its customer systems to protect data, but it is too early to determine if any customer information is at risk.

An American Water spokesman declined to comment beyond the official security statement.