Cal Water Confirms User Credentials Exploited in Hacking
After Iranian-linked threat actor Handala claimed to have hacked California Water Service (Cal Water), an organization spokesperson stated the company was investigating the claims. Recently, the Cal Water spokesperson reached out to Security magazine with an update on its investigation.
The spokesperson stated, “As a critical infrastructure company, California Water Service takes cybersecurity and the security of our data and systems very seriously. Following the cybersecurity incident allegations made on June 11, 2026, we activated our cybersecurity response plan and worked around the clock to conduct a robust investigation, supported by leading cybersecurity experts, including Mandiant.
“Based on its investigation, Mandiant has confirmed that the threat actor activity was limited to unauthorized access to a small number of specific user accounts within two third-party service provider platforms. Mandiant did not identify evidence of threat actor activity in Cal Water’s internal information technology or operational technology environments.
“The investigation determined that the threat actor accessed one active customer’s online Cal Water account using stolen user credentials. The customer account did not provide access to the billing system, and no payment information was compromised. The threat actor also accessed an external, third-party web site related to a GPS location correction tool; however, the website does not contain any confidential or sensitive information.
“We appreciate the collaboration and support our state and federal government partners provided throughout the investigation, and we will continue to work to maintain the security of our systems and data from malicious actors.”
This attack falls in line with official warnings earlier this year that Iranian actors may target critical infrastructure, including water and wastewater systems (WWS).
Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!
