Cal Water says cybersecurity breach by Iranian-linked hackers was limited California Water Service (Cal Water) reported that a June 11 cyberattack claimed by Iranian-linked hacker group Handala was limited to unauthorized access of one customer's online account via stolen credentials, with no breach of internal systems or billing infrastructure. The investigation, supported by Mandiant, found no evidence of compromise in Cal Water's operational technology or sensitive data. Getting your Trinity Audio //trinityaudio.ai player ready...CHICO — An investigation into a June 11 cyberattack claimed by an Iranian-linked hacker group found that hackers accessed one California Water Service customer’s online account using stolen credentials, but did not breach the utility’s internal systems or billing infrastructure, the company announced this week. Cal Water has continued to investigate claims made on June 11 by an Iranian-linked hacker group that it breached Cal Water’s systems throughout the state — including some in Chico. When the claims were made, Cal Water said it activated its cybersecurity response plan and worked “around the clock” to conduct an investigation, being supported by the state and federal government, as well as cybersecurity experts. Based on the investigation, Cal Water said the threat actor activity was limited to “unauthorized access to a small number of specific user accounts within two third-party service provider platforms.” Mandiant, a cybersecurity firm and subsidiary of Google Cloud, supported Cal Water in the investigation, and did not identify any evidence of activity in Cal Water’s internal technology of operational technology environments. However, the investigation did find that one customer’s account was accessed. “The investigation determined that the threat actor accessed one active customer’s online Cal Water account using stolen user credentials. The customer account did not provide access to the billing system, and no payment information was compromised,” Cal Water said. “The threat actor also accessed an external, third-party web site related to a GPS location correction tool; however, the website does not contain any confidential or sensitive information.” The hacker group, known as Handala, claimed responsibility for the breach June 11. In a screenshot of the groups claims, hackers from the group said the breach was a “warning” to the federal government after air strikes damaged water resources in Sirik, Iran two days prior to the breach. Handala stated it deliberately chose not to “cut off the water to American cities.” Handala has claimed responsibility for several other high-profile incidents, including hacking FBI Director Kash Patel’s personal email on March 27 and a cyberattack against the medical device company Stryker in March.