The Iranian hacking group Handala claimed to have breached California Water Service (Cal Water), releasing 5 GB of stolen data as retaliation against the US. The breach affected a customer billing database and Cal Water's RTKBase system, exposing personally identifiable information (PII) and administrative credentials. Dataminr, a cybersecurity firm, suspects lateral movement from the RTKBase platform to the billing system. Handala indicated that it had the capability to disrupt water access but opted not to do so.
Experts recommend immediate credential rotation and system audits to mitigate potential risks. Cal Water has not publicly confirmed the incident.