In an era where digital threats loom as large as physical ones, the American Water Works Company has experienced a significant cybersecurity breach. This company is the largest regulated water and wastewater utility in the U.S.A. and boasts a rich history dating back to 1886. Serving over 14 million people across 14 states (and 18 US Military installations) it ensures that millions of Americans have access to clean water every day; something we take for granted.

On Monday they disclosed that their computer networks had been compromised by hackers, an event that was first noticed the preceding Thursday. In response, American Water Works enacted immediate protective measures, including system shutdowns and a pause on billing to shield their customers from any inconvenience, demonstrating their commitment to customer service even in crisis.

This incident, while thankfully not directly affecting the physical water supply or treatment processes, raises alarms about the security of critical infrastructure. This breach serves as a stark reminder of how interconnected and vulnerable our essential services are in the digital age.

A determined malicious attacker could seriously harm people who depend on the safe city water that we take for granted every day.

When compromised, utility-level infrastructure can be used to wreak havoc and cause real harm:

• Internet-connected devices could be used to cause unsafe levels of chlorine, chloramine, fluoride, and other chemicals to flow to our taps.
• Pumps could be adjusted to deliver excessive pressures causing mechanical damage to piping, faucets, and fixtures.
• Pumps could be locked-out or rendered inoperable, preventing anyone from getting access to water for fire-suppression, work, play, and drinking.
• Critical filtration processes addressing Arsenic, PFAS, and other contaminants could be taken offline, allowing passage of harmful contaminants downstream.

This event reminds us of the importance of not only corporate and national cybersecurity responsibilities, but also personal responsibility in water quality management for home and business.

While utility companies like American Water Works strive to provide safe water that meets all Federal, State, and Local minimum standards for human consumption, an at-home water treatment system acts as your last line of defense, ensuring that what flows from your faucet is as clean and safe as possible.

Properly selected, installed, and maintained Point of Use (POU) and Point of Entry (POE) water quality improvement systems can address contaminants like chlorine, lead, bacteria, PFAS, and pharmaceuticals, many of which might not be entirely removed by municipal treatments. They also provide improvements in the aesthetic color, taste, and odor of water addressing contaminants that are not inherently dangerous, and other contaminants that might not even be regulated.

Investing in these systems not only enhances the taste and safety of your drinking water but can protect against unforeseen issues in the water supply chain, like the increasing cybersecurity threats faced by utility giants. Moreover, in the context of increasing cyber vulnerabilities, having a personal water treatment solution can certainly offer peace of mind.

Systems ranging from simple pitcher filters to more sophisticated Reverse Osmosis (RO), Ultrafiltration (UF), and Ultraviolet (UV) purification setups can be vital for households, especially in times when external systems might be compromised.

This most-recent cyberattack on American Water Works isn’t just another wake-up call for utility companies but for every individual reliant on these services. This incident might well be the catalyst for a broader understanding of how intertwined our digital and physical worlds have become, and how personal action, like installing an at-home water treatment system, isn’t just about health, comfort, and convenience, but also about resilience in the face of modern threats.

For the very best in quality, service, and support, look for a Water Quality Improvement Professional that is certified by the Water Quality Association, and make sure that the products used are 3^rd-party certified to NSF/ANSI standards.

Good information from American Water:

IT Security FAQs

American Water recently learned of unauthorized activity in our computer networks and systems which we determined to be the result of a cybersecurity incident. As part of our response, we proactively took our customer portal service, MyWater, offline, which means we are pausing billing until further notice. We are working diligently to bring our systems back online safely and securely.

Our dedicated team of professionals are working around the clock to investigate the nature and scope of the incident. We sincerely regret any inconvenience this incident may cause and we are working diligently to remediate and to bring these systems back online in a safe and secure manner.

1. What happened? On Thursday, October 3, 2024, American Water learned of unauthorized activity in our computer networks and systems. This activity has since been determined to be the result of a cybersecurity incident. In an effort to protect our customers’ data and to prevent any further harm to our environment, we disconnected or deactivated certain systems. We proactively took MyWater offline, which means we are pausing billing until further notice. We are working diligently to bring these systems back online safely and securely.
2. How is American Water responding? Upon learning of the issue, our team immediately activated our incident response protocols and third-party cybersecurity professionals to assist with containment, mitigation and an investigation into the nature and scope of the incident. We also notified law enforcement and are coordinating fully with them.
   
   We are working diligently to bring the disconnected systems back online safely and securely. Investigations of this nature take time, and we will share information when and as appropriate.
3. Why can’t I access my MyWater account? In an effort to protect our customers’ data and to prevent any further harm to our environment, we disconnected or deactivated certain systems. We proactively took MyWater offline, which means we are pausing billing until further notice. There will be no late charges or services shut off while MyWater remains unavailable.
4. What is the current status of American Water’s operations and services? We proactively took MyWater offline, which means we are pausing billing until further notice. There will be no late charges or services shut off while MyWater remains unavailable. Additionally, our call center has limited functionality while MyWater is offline. We are working diligently to bring these services back online safely and securely.
   
   We currently believe that none of its water or wastewater facilities or operations have been negatively impacted by this incident.
5. Will this impact my water services and/or other utilities? At this time, we currently believe that none of our water or wastewater facilities or operations have been negatively impacted by this incident. There will be no late charges or services shut off while MyWater remains unavailable.
6. Is the water safe to drink? Yes.
7. Is my information at risk? Our team is working around the clock to investigate this incident and safely restore our systems. Investigations of this nature take time, and we will provide more information when and as appropriate.
8. How did this happen? American Water activated third-party cybersecurity professionals to assist with our investigation into the nature of the incident. This investigation is ongoing and will take time to complete. We take the cybersecurity of our systems with utmost seriousness and are taking additional steps to strengthen the cybersecurity of American Water’s systems. Our customers and the data we maintain remain our highest priorities.
9. What can I do through the call center? Our call center has limited functionality while MyWater is offline. We are working diligently to bring these services back online safely and securely.
10. Will I be charged late fees? No. There will be no late charges or services shut off while MyWater remains unavailable.
11. Where can I go for more information? As we continue to contain and remediate our environment, we will be sharing updated information as appropriate on www.amwater.com.