Oct. 8 (UPI) -- New Jersey-based American Water, the nation's largest publicly traded water utility, said it took steps to minimize harm from a cyberattack while continuing water and wastewater services in 14 states.
The water utility discovered a cyberattack Thursday, and in a Securities and Exchange Commission filing Monday said the attack did not affect the utility's water and wastewater facilities or services.
Upon discovering the attack, the utility said it initiated response protocols to mitigate potential damage and determine the scope and origin of the attack.
Company officials also disconnected and deactivated some of its systems to minimize potential damage and contacted law enforcement and third-party cybersecurity experts.
Related
"The company currently believes that none of its water or wastewater facilities or operations have been negatively impacted by this incident," the SEC filing says.
"Although the company is currently unable to predict the full impact of this incident, the company does not expect the incident will have a material effect on the company or its financial condition or results of operations."
While the utility continues its normal water and wastewater operations, it said it disconnected some systems and suspended customer billing until further notice. Customers will not be charged late fees while the billing system is down.
The utility provides water and wastewater services for 14 million people in California, Iowa, Missouri, Illinois, Indiana, Kentucky, Tennessee, northern Georgia, New Jersey, Pennsylvania, Maryland, Virginia and West Virginia.
The utility also serves 18 military installations.
The Environmental Protection Agency recently cautioned water utility providers about a recent rise in cyber crime that targets water infrastructure in the United States.
The EPA warning indicated about 70% or water systems that it inspected do not fully abide the requirements of the Safe Drinking Water Act, including protecting against cybersecurity vulnerabilities.
Among cybersecurity problems the EPA cited were not updating default passwords, using single-step logins and enabling former workers to maintain systems access.