American Water pauses billing after cyberattack

The largest regulated water and wastewater utility company in the United States announced Monday that it was the victim of a cyberattack that prompted the firm to pause billing to customers.

New Jersey-based American Water — which provides services to more than 14 million people in 14 states and on 18 military installations — said it became aware of the unauthorized activity on Thursday and immediately took protective steps, including shutting down certain systems. 

The company does not believe its facilities or operations were impacted by the attack, and said staffers were working “around the clock” to investigate the nature and scope of the attack.

The company said it has notified law enforcement and is cooperating with them. It also said customers will not face late charges while its systems are unavailable.

Earlier this year, a June cyberattack on CDK Global, a company that supplies software to manage sales, disrupted business at 15,000 car dealerships, forcing some to close while operations ground to a halt. In February, an attack on Change Healthcare, a subsidiary of UnitedHealth, left patients unable to get prescriptions while hospitals and pharmacies went unpaid for more than a week.

According to its website, American Water manages more than 500 water and wastewater systems in about 1,700 communities in California, Georgia, Hawaii, Illinois, Indiana, Iowa, Kentucky, Maryland, Missouri, New Jersey, Pennsylvania, Tennessee, Virginia and West Virginia.