"We are continuing to investigate the cybersecurity incident allegations made on June 11, 2026," a California Water Service (Cal Water) spokesperson told Security magazine.
Cal Water’s immediate actions and active investigation
Cal Water says it moved quickly after learning of the claim. "Upon becoming aware of the claim last Thursday, we immediately activated our cybersecurity response plan and launched a robust investigation," the company told Security magazine. The utility added that teams are working "around the clock to investigate" and that the probe is ongoing. Those statements frame the company's posture: rapid escalation, a standing response plan, and sustained investigative activity.
Preliminary findings: no known operational disruptions
Cal Water reported a clear early finding: "Our investigation remains ongoing, but our preliminary findings indicate that there are no known operational disruptions to our water and wastewater systems, including the billing platform." That assessment, offered while the inquiry continues, is the central operational claim in the public record to date.
The claim by Handala and outside skepticism
The incident was triggered by claims that Handala — identified in reporting as "a cyber threat group linked to Iran" — had compromised Cal Water and gained the ability to disturb water supply flow. Cybersecurity experts, according to the reporting, have questioned those assertions, noting Handala’s "tendency to overstate its actions and abilities." In short: a named group asserted control, and independent practitioners immediately urged caution about accepting the claim at face value.
Interagency cooperation and external expertise
Cal Water said it is "working in close collaboration with our state and federal government partners, as well as independent leading external experts." The company also emphasized its existing defensive measures, stating: "As a critical infrastructure company, Cal Water maintains a number of cybersecurity, water system security, and water quality assurance measures to help protect our network and systems from malicious actors." Those two points together — partnership with government and outside experts, and existing protection measures — are the company's public reassurances while investigators continue their work.
How technologists, policymakers, and the public are likely to respond
Technologists and security teams will be watching the ongoing investigation and the outcome of Cal Water’s activated response plan, looking for forensic detail and confirmation of the preliminary finding that operational systems remained intact. Policymakers and regulators, and the state and federal partners Cal Water referenced, will monitor the collaboration Cal Water describes and any formal notifications or incident reports that follow from the inquiry. The public and utility customers will seek reassurance about water service continuity and billing integrity, matters Cal Water expressly said have no known disruptions so far.
For now, the record is straightforward: an allegation appeared on June 11, 2026; Cal Water raised and acted on the alarm last Thursday; the utility has activated its response plan, engaged government and outside experts, and reports no known operational disruptions to water, wastewater, or billing systems as its investigation continues. Cybersecurity experts have urged caution about the original claim, and Cal Water says it "will continue to thoroughly investigate this matter and closely collaborate with our federal and state government partners." Whether the claim by Handala will be substantiated remains the central open question.
