California Water Company Customer Data Exposed in Cyberattack

A hacking group called Handala, which operates from Iran, has claimed responsibility for a cyberattack on California Water Service (Cal Water). The hackers published 5GB of data online, which includes customer personal information and login credentials for a platform called RTKBase. Cal Water provides water service to communities throughout California, so this breach potentially affects many families in the state.

If you are a Cal Water customer, your personal information may have been exposed. The stolen data includes customer details and credentials that could allow criminals to access accounts.

While we do not know the exact types of personal information exposed, water utility customer data typically includes names, addresses, phone numbers, email addresses, and potentially payment information. Anyone who has an online account with Cal Water should assume their information may have been compromised. You should take action immediately if you are a Cal Water customer. First, change your password on the Cal Water website or customer portal right away. Choose a strong, unique password you do not use anywhere else. Second, if you used the same password on any other websites or accounts, change those passwords too. Criminals often try stolen passwords on multiple sites. Third, watch your bank and credit card statements closely for any unauthorized charges. Fourth, be alert for phishing emails or text messages claiming to be from Cal Water. Scammers often follow data breaches with fake messages trying to steal more information. For long term protection, consider placing a fraud alert on your credit reports by contacting one of the three major credit bureaus (Equifax, Experian, or TransUnion). Enable two factor authentication on your important accounts whenever possible, which requires a code from your phone in addition to your password. Sign up for account alerts from your bank so you get notified of unusual activity. Keep records of any suspicious activity related to this breach.

This attack reminds us that even essential service providers like water companies can be targeted, so protecting your personal information requires ongoing vigilance.