ON June 11, 2026, the Iran-linked hacking group Handala claimed to have breached California Water Service (Cal Water), accessing sensitive billing data of approximately 2 million customers and releasing a 5GB data dump. The breach, purportedly a retaliation against US actions in Iran, included access to customer information such as names, addresses, and account details, as well as an internal GPS infrastructure known as RTKBase.
Cybersecurity analysts identified that the RTKBase system acted as an entry point that allowed further access to the billing system. Despite the possibility of significant disruptions to water services, no such disruptions were reported. Handala, which appears connected to Iranian military interests, has a history of escalating attacks, raising concerns that this breach could precede future destructive actions.