Breach taxonomy
Summary
On October 3, 2024, American Water Works Company learned of unauthorized activity within its computer networks and systems. The company activated its incident response protocols, engaged third-party cybersecurity experts, notified law enforcement, and disconnected or deactivated certain systems as a precautionary measure. The company stated that none of its water or wastewater facilities or operations were negatively impacted, and it did not expect the incident to have a material effect on the company. Filed under Item 8.01; materiality not yet determined as of filing date.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to a specific actor → UNKNOWN.
MethodsMalware
The company described unauthorized activity that prompted proactive system disconnections; no specific method (ransomware, exfiltration) confirmed, classified as general malware/intrusion.