WOODLAND PARK, N.J. — American Water Works, the biggest regulated water and wastewater utility in the United States, revealed on Monday that it suffered a cyberattack earlier this month, which led to a suspension of billing for its millions of customers.

The Camden, New Jersey utility reported that it discovered “unauthorized activity” within its computer networks last Thursday, determining it was due to a “cybersecurity incident.” In response, the company promptly implemented protective measures, including shutting down some systems.

“Once we identified the issue, our team quickly activated our incident response protocols and enlisted third-party cybersecurity experts to help with containment, mitigation, and to investigate the incident’s nature and extent,” American Water announced in a security statement on its website. “We also informed law enforcement and are fully cooperating with them.”

As the company works to restore their systems “safely and securely,” billing is on hold until further notice. Their online customer portal, MyWater, was still offline as of Tuesday.

American Water stated that during this downtime, no services will be cut off, and customers will not incur late fees. The company maintains that it does not believe any of its water or wastewater facilities or operations have been adversely affected by this incident.

Established in 1886, American Water supplies drinking water and wastewater services to over 14 million people across 14 states and 18 military bases, as noted on the company’s website. They also oversee more than 500 individual water and wastewater systems in around 1,700 communities, including locations in New Jersey, Illinois, California, and Pennsylvania.

This cyberattack on American Water is part of an ongoing issue with U.S. public utilities and infrastructure facing cyber threats. In May, the Environmental Protection Agency highlighted an increase in the number and severity of cyberattacks aimed at water utilities throughout the nation.

Recent Cybersecurity Concerns in the U.S.

In recent years, the frequency of cyberattacks has risen as businesses become more reliant on digital systems. YSL News previously reported in July that the number of data breach victims exceeded 1 billion in the first half of 2024—a staggering 409% increase compared to the same timeframe the previous year.

Federal officials have also raised alarms about the escalating threat level. In January, FBI Director Christopher Wray cautioned Congress that Chinese hackers were preparing to “create chaos” within U.S. infrastructure, such as the electric grid and transportation networks.

The EPA has stated that federal agencies have released several advisories regarding cyber threats to water and wastewater systems from foreign entities, including the Iranian Islamic Revolutionary Guard Corps, Russian state-sponsored groups, and Chinese state-sponsored hackers.

Earlier this year, a cyberattack attributed to a Russian-linked hacking group led to an overflow in the water system of Muleshoe, Texas, as reported by CNN. Local authorities stated that this incident coincided with suspicious cyber activities detected in at least two other towns in North Texas.

In November, an Iranian-linked hacking group gained access to water authority infrastructure in Aliquippa, Pennsylvania. They partially controlled a system that manages water pressure, which involved technology produced in Israel. Federal agents indicated the group aimed to disrupt Israeli technology operating in the U.S.

This year has also seen cyberattacks affecting insurance firms, hospital systems, and a significant automotive dealership software provider. YSL News reported in August that a data broker company, National Public Data, experienced a tremendous data breach, compromising 2.9 billion records, including names, addresses, and Social Security numbers.