American Water Works said it learned of an unauthorized cyber incident Thursday that gained access to its computer networks, according to a Monday securities filing. 

The Camden, New Jersey-based water utility said it took steps to protect its computer network, including disconnecting and deactivating certain systems in order to protect data, and will continue to do so in the future. The firm said none of its water and wastewater facilities or operations have been affected by the hack. 

The company immediately enacted its incident response plan and brought in third-party experts to help investigate. The full scope of the incident is not fully known, but the company does not expect a material impact on its financial condition or results of operations. 

The company has contacted and is receiving help from law enforcement, a spokesperson told Cybersecurity Dive in an email Monday. 

The company said it proactively took the MyWater system offline and will pause billing while the incident is under investigation. The company said its call center will have limited functionality during this period.   

American Water Works is the largest regulated water and wastewater utility in the U.S., serving more than 14 million customers. The company operates in 14 states as well as 18 military installations. 

The incident comes just weeks after federal officials warned of hacktivists targeting U.S. water and wastewater treatment facilities whose systems were exposed to the internet or that used poorly configured authentication methods, such as relying on default passwords. 

The Cybersecurity and Infrastructure Security Agency warned the hackers were using unsophisticated attack methods like brute force password sprays to access these systems. 

A local water facility in Arkansas City, Kansas, was attacked just days before the CISA advisory.