Cyber Incident Victim: City of Oldsmar Water Facility
Date:
Feb 2021
Location:
United States of America
Summary
Hackers remotely accessed a Florida water treatment facility's system via TeamViewer, manipulating controls to dangerously increase sodium hydroxide levels in the supply. An employee detected the intrusion in real-time, allowing staff to swiftly reverse the command. The facility's redundant safeguards would have prevented hazardous contamination even without intervention. Law enforcement agencies, including the FBI and Secret Service, investigated the incident, which highlighted critical infrastructure vulnerabilities and served as a warning for enhanced cybersecurity vigilance.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 8, 2021, Pinellas County Sheriff Bob Gualtieri disclosed that hackers breached the water treatment facility of Oldsmar, Florida, a town of approximately 15,000 residents located 17 miles northwest of Tampa. The intrusion occurred on Friday, February 5, when attackers remotely accessed an employee’s computer at the facility using TeamViewer, a software application designed for remote technical support. The employee observed unauthorized activity in real time, including a pop-up notification confirming the remote access, followed by visible mouse movements and program manipulations by the intruder. The hackers subsequently altered the settings controlling the water treatment process, specifically increasing the sodium hydroxide (lye) dosage to a hazardous concentration. Sodium hydroxide, used in regulated quantities to manage water acidity, becomes toxic at elevated levels. The employee immediately alerted supervisors, who contacted law enforcement, and facility operators swiftly reversed the malicious adjustment, minimizing the chemical’s introduction into the water supply.
The facility’s internal IT team and operational safeguards played critical roles in containing the incident. Oldsmar Mayor Eric Seidel confirmed during a February 8 press conference that redundant controls would have prevented the dangerous sodium hydroxide levels from reaching the public even if the manual reversal had not occurred. The water treatment plant, a municipally owned utility, maintained these secondary safety measures as part of its standard operations. Pinellas County Sheriff’s Office collaborated with the FBI and Secret Service to investigate the breach, though no suspects or motives were identified at the time of reporting. Sheriff Gualtieri emphasized the attempted poisoning’s limited impact due to rapid detection and correction, noting the intruder’s actions lasted only a short duration before being countered. He characterized the event as a “wake-up call” for critical infrastructure operators, underscoring the necessity of heightened vigilance against remote-access threats.