American Water Works, the largest regulated water and wastewater utility in the United States (serving 14+ million people across 14 states), detected unauthorized activity in its IT networks on October 3, 2024, and disclosed it via SEC 8-K filing on October 7. The company immediately disconnected affected systems and shut down its customer-facing MyWater portal and billing services, waiving late fees during the outage. Water and wastewater treatment operations were not impacted. The attack type and responsible threat actor were not publicly confirmed. American Water stated the incident was not expected to have a material financial effect. The incident highlighted critical infrastructure cybersecurity risk for water utilities, prompting CISA and EPA advisories.