Camden, N.J.-based water supplier American Water, the largest water utility in the U.S., has been hit by a cyberattack.
“American Water recently learned of unauthorized activity in our computer networks and systems which we determined to be the result of a cybersecurity incident,” a message on the company’s Security FAQ page reads. “As part of our response, we proactively took our customer portal service, MyWater, offline, which means we are pausing billing until further notice.”
The company became aware of the cyberattack on Oct. 3 and is “working diligently to bring these systems back online safely and securely.”
As of Tuesday afternoon, the company’s customer portal was still offline. Customers are not being billed and no one’s service will be shut off until further notice.
The company said it “currently believe[s]” none of its water or wastewater facilities or operations “have been negatively impacted by this incident” and that it’s safe to drink the water, but it’s “currently unable to predict the full impact” of the hack.
American Water provides drinking water and wastewater service to more than 14 million people in 14 states and on 18 military installations.
The actors behind the hack remain unknown, but the company said unspecified law enforcement was investigating the incident.
Experts consider water utilities to be especially vulnerable to cybercrime, according to CNBC. An Environmental Protection Agency report of inspected water systems found “alarming cybersecurity vulnerabilities” at an undisclosed number of locations.
FBI Director Chris Wray testified to Congress in February that “every American” is affected by foreign agents hacking infrastructure. He specifically blamed China for hacking critical systems in order to “wreak havoc and cause real-world harm.”