Cyber Incident Victim: California Water Service

Date: Jun 2026

Location: United States of America

Summary

California Water Service said an initial review of its IT and OT networks found no evidence that the claimed intrusion by the Iranian‑linked group Handala affected water production or delivery systems, though the group asserted it had accessed billing and GPS correction servers in Bakersfield, Visalia and Chico and possessed five gigabytes of customer data. Handala stated it could have disrupted water operations but refrained as a warning to Washington, D.C., linking the action to reported U.S. strikes on Iranian water storage facilities near the Strait of Hormuz. Independent analysis using Dataminr confirmed the attackers reached a GPS correction server and a billing database but found no impact on treatment or distribution controls.

Description

On Thursday, an Iranian-linked hacker group calling itself Handala announced that it had gained access to several California Water Service facilities, specifically naming locations in Bakersfield, Visalia and Chico, and posted screenshots that it said showed residents’ bills. The group claimed to have exfiltrated approximately five gigabytes of data from the alleged breach and made this data available on its website, according to reports from the Iranian news network Press TV. Handala stated that it could have disrupted water treatment or distribution systems but chose not to do so, describing its actions as a warning to Washington, D.C. The group said the intrusion was carried out in retaliation for U.S. strikes that may have damaged two water storage facilities in southern Iran near the Strait of Hormuz.

In response, Yvonne Kingman, director of communications for California Water Service Company, said the utility had conducted a preliminary scan of its internal information technology and operational technology networks and found no signs of compromise in its IT, water production, or delivery systems at that time. She noted that the investigation was continuing and that she did not have further information to confirm whether Handala had accessed other systems such as the company’s billing system. Kingman emphasized that the utility remained vigilant and would provide updates as more details became available. The statement was issued on Friday, June 13, 2026, following the group’s public claims.

A separate analysis conducted by cyber experts using the Dataminr artificial intelligence tool indicated that Handala had reached a GPS correction server and a customer billing database associated with California Water Service. The experts clarified that neither of those systems controls water treatment or distribution processes. According to the Dataminr assessment, there was no confirmed disruption of operational technology or industrial control systems in this incident. Consequently, the utility’s director of communications reiterated that the network and related aspects of California Water Service remained secure despite the hacker group’s claims.
