[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIghjKfuvPUscjgMyiJB4pytrpQGsYAqADVLy9rU69nU":3},{"article":4,"iocs":53},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":32,"category":33,"article_tags":37},"425f4792-5ba0-4780-b98f-36681e3c8eff","Handala Hacking Group Claims Breach of California Water Service","handala-hacking-group-claims-breach-of-california-water-service-55f675","The Handala hacking group claims it has targeted California Water Service, leaking 5GB of customer database and GPS network files in its latest infrastructure attack.","Iran-linked Handala hacking group claims it breached California Water Service, exposing 5GB of customer records and internal GPS mapping system credentials from seven operational areas. The group claims operational control over water supply shutdown but experts assess these claims are exaggerated; confirmed data theft includes customer names, addresses, phone numbers, account numbers, and payment history from the billing system and RTKBase GPS tool.","Handala claims breach of California Water Service, leaking 5GB of customer and GPS network data.","Handala Hacking Group Claims Breach of California Water Service
The Handala hacking group claims it has targeted California Water Service, leaking 5GB of customer database and GPS network files in its latest infrastructure attack.
By Deeba Ahmed, June 15, 2026
The Iran-linked hacking group Handala has struck again, this time targeting the California Water Service (Cal Water). The group, which security researchers have been tracking closely throughout 2026, claims this move is retaliation for US actions in Iran. Cal Water is a major utility serving two million people across 100 communities in California, making this a worrying event for public infrastructure. 
The Attack on Cal Water
On 11 June 2026, the research firm Dataminr spotted the group boasting about a breach, publishing five gigabytes of data. While experts confirmed that the customer records from the utility’s Chico District were definitely hit, the leaked files also exposed network infrastructure across seven distinct operational areas, which include Bakersfield, Chico, Salinas, Stockton, Visalia, San Mateo, and a regional engineering segment. Reportedly, leaked data comprises names, home addresses, phone numbers, account numbers, and payment history accessed from a customer billing database. The hackers also gained access to an internal system called RTKBase. This is a basic tool used by field crews to get precise GPS data for mapping and fixing water pipes. By stealing passwords from this system, the hackers managed to move over into the billing network. While Handala claimed in their posts that they had the power to shut off water supplies, they haven’t done so. Security teams note that while Handala has a history of using destructive software to wipe computer systems in other campaigns, they haven’t yet tampered with water treatment processes.
[Image: A screenshot that the Handala hacking group claims was taken from the targeted water service’s internal billing dashboard]
A Pattern of Exaggeration
This incident follows several other attacks linked to Handala in 2026, and as observed lately, this group often mixes genuine data theft acts with exaggerated and unverified claims. As Hackread.com reported in March, they claimed to have hit the medical technology firm Stryker and the payment company Verifone. While Stryker admitted to some network trouble, Verifone found no signs of a breach. Handala claimed to have wiped 200,000 devices at Stryker, but investigators haven’t verified these figures. The group also hacked the personal Gmail account of FBI Director Kash Patel in March, releasing his resume and travel photos to mock US cyber defence. 
Earlier this month, they claimed to have shut down Israeli military radar networks. However, SOCRadar’s investigation revealed the hackers had only accessed a local town hall’s telephone routing system. Following the incident, Cal Water has been advised to change all exposed passwords immediately and separate its mapping systems from customer billing networks to prevent future issues. Security teams also remain on alert for further activity.
Experts’ Perspectives
Industry experts shared their comments with Hackread.com regarding the incident. Sean Malone, Chief Information Security Officer at BeyondTrust, highlighted that the group’s claims of operational control are highly suspect: “Nothing in the published evidence supports Handala’s claim that it can shut off water in U.S. cities. Dataminr assesses that the group reached a GPS correction server and a customer billing database. Neither system controls water treatment or distribution, and Dataminr states that OT or ICS disruption is not confirmed in this incident. “As BeyondTrust noted in its Epic Fury threat advisory, Handala has a record of overstating its capabilities. The boast about choosing to spare the water supply reads as the psychological operation itself,” Sean argued.
John Gallagher, Vice President at Viakoo, provided context on how the hackers managed to access the utility’s business and physical networks, warning that this tactic is an escalating problem for critical infrastructure: “There can be parallels made to the Colonial Pipeline shutdown, where threat actors were able to leverage a billing server to impact pipeline operations. This was the reverse (going from operational systems to a billing server), which demonstrates that pivot points between the two domains are being exploited,” John explained. 
“Organizations should not delay in reviewing key protections, especially in eliminating pivot points between OT\u002FIoT and corporate networks, and must enforce strict, zero-trust network segmentation. IoT applications, telemetry platforms, and smart infrastructure must reside on isolated networks completely separated from business systems like billing, email, or corporate databases. An asset compromise on the operational side should never grant access to enterprise data,” he warned. Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage.","https:\u002F\u002Fhackread.com\u002Fhandala-hacking-group-california-water-service-breach\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F06\u002Fhandala-hacking-group-california-water-service-breach-2.png","2026-06-15T12:07:11+00:00","2026-06-15T14:00:21.667981+00:00",8,[18,21,24,27,30],{"name":19,"type":20},"Handala","threat_actor",{"name":22,"type":23},"RTKBase","product",{"name":25,"type":26},"California Water Service","vendor",{"name":28,"type":29},"GPS mapping systems","technology",{"name":31,"type":29},"Billing databases","2e06f76c-d5b9-4f54-9eef-4d3447b10730",{"id":32,"icon":34,"name":35,"slug":36},null,"Breaches","breaches",[38,43,48],{"category":39},{"id":40,"icon":34,"name":41,"slug":42},"6cbdd207-aaa1-4176-9534-e156b125e917","Nation-state","nation-state",{"category":44},{"id":45,"icon":34,"name":46,"slug":47},"d6f63bb8-0801-486a-be7f-171400700454","IoT\u002FOT","iot-ot",{"category":49},{"id":50,"icon":34,"name":51,"slug":52},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[54],{"type":55,"value":22,"context":56},"malware","GPS correction server compromised; used by water utility field crews for mapping and infrastructure repair"]