California Water Service (Cal Water) is investigating recent hacking claims by the Iran-linked threat actor Handala, which published several gigabytes of data it allegedly stole from the utility’s systems.
Cal Water, one of the largest investor-owned water utilities in the United States, was apparently targeted by Handala in retaliation for the US’s recent attacks on Iran.
Handala, which purports to be a hacktivist collective but is widely believed to be a front for Iranian government hacking operations, claimed it could have disrupted the water supply but decided not to.
Instead, the hackers leaked 5 GB of files allegedly stolen from Cal Water, and an analysis by threat intelligence firm Dataminr found that the leaked data included personal information.
Dataminr reported that the hackers apparently compromised a customer billing database and Cal Water’s internal RTKBase application.
Cal Water did not respond to SecurityWeek’s inquiry last week when the hack came to light. However, in a statement provided late on Monday, the utility said it is still investigating the claims.
“We take cybersecurity and this claim very seriously and are working around the clock to investigate. Upon becoming aware of the claim last Thursday, we immediately activated our cybersecurity response plan and launched a robust investigation,” Cal Water told SecurityWeek. “We have been working in close collaboration with our state and federal government partners, as well as independent leading external experts.”
The utility said “preliminary findings indicate that there are no known operational disruptions to our water and wastewater systems, including the billing platform”.
“As a critical infrastructure company, Cal Water maintains a number of cybersecurity, water system security, and water quality assurance measures to help protect our network and systems from malicious actors,” Cal Water stated. “We take cybersecurity and the security of our data and systems very seriously, and we will continue to thoroughly investigate this matter and closely collaborate with our federal and state government partners.”
Threat actors frequently target the water sector, which remains vulnerable to cyberattacks due to its reliance on legacy systems and inadequate security protections.

