California Water Utility Customers: Your Personal Information May Have Been Stolen

A hacking group called Handala, reportedly based in Iran, has published 5 gigabytes of stolen data from California Water Service (Cal Water). The stolen information includes customer personal details and login credentials for a system called RTKBase. The hackers have made this information publicly available online.

If you are a Cal Water customer, your personal information may now be in the hands of criminals. This could include your name, address, phone number, email, and possibly account details. The stolen credentials could also affect the water utility's infrastructure systems.

Even if you do not live in California, this incident shows how utility companies can be targets, and your local water, electric, or gas company could face similar attacks.

If you are a Cal Water customer, take these steps immediately:

1. Contact Cal Water directly to ask what specific information was stolen and what they are doing to protect customers.
2. Monitor your bank accounts and credit cards closely for unusual activity.
3. Watch for phishing emails or texts that mention your water bill or account, as scammers now have your contact information.
4. Consider placing a fraud alert on your credit report by contacting one of the three major credit bureaus (Equifax, Experian, or TransUnion).
5. Do not click links in any emails claiming to be from Cal Water; instead, go directly to their official website by typing the address yourself. Utility companies hold more of your personal information than many people realize. Going forward, check your utility account statements regularly, just like you would check bank statements. Set up account alerts if your utility offers them. Create strong, unique passwords for each utility account, and enable two-factor authentication wherever it is offered. These basic steps make it much harder for criminals to misuse your information, even if another company experiences a data breach.