Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
California Water Service Group

California Water Service Group Vendor Cyber Rating & Cyber Score

calwatergroup.com

California Water Service Group provides high-quality, affordable water and wastewater services to more than two million people west of the Mississippi River. We are the third-largest publicly traded water utility in the United States, with five subsidiaries: California Water Service, Hawaii Water Service, New Mexico Water Service, Texas Water Service, and Washington Water Service. We are a purpose-driven company, committed to enhancing the quality of life for our customers, communities, employees, and stockholders by providing quality, service, and value.


CWSG A.I CyberSecurity Scoring

CWSG
Company Information
Website:https://www.calwatergroup.com
Employees number:7
Number of followers:182
NAICS:22
Industry Type:Utilities
Homepage:calwatergroup.com
CWSG Risk Score (AI oriented)
Between 650 and 699
logo
CWSGUtilities
Updated:
17/07/2026
685/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
CWSG Global Score (TPRM)
xxxx
logo
CWSGUtilities
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

CWSG
CWSGWeak
Current Score
685B (WEAK)
01000
2 incidents
-59 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
685Before Incident
JUNE 2026
742Before Incident
Breach
01 Jun 2026CWSG
California Water Service: Iranian Cyber Group Handala Claims Cal Water Hack

Iran-Linked Hacking Group Handala Claims Breach of California Water Service, Leaks 5GB of Data

683After Incident
CRITICAL-59
CAL1781303207
Iran-Linked Hacking Group Handala Claims Breach of California Water Service, Leaks 5GB of Data The Iran-affiliated threat actor Handala has claimed responsibility for a cyberattack on California Water Service (Cal Water), one of the largest investor-owned water utilities in the U.S., serving roughly two million customers across 100 communities in California. The group published 5GB of stolen data, alleging retaliation for recent U.S. actions in Iran and asserting it had the capability to disrupt water access but opted against doing so. According to Dataminr, the attack likely began with the compromise of Cal Water’s RTKBase instance, a GNSS base station platform, which served as an initial access vector or lateral pivot point to the utility’s billing system. The Chico District was confirmed as the target, with leaked data including a customer billing database and internal RTKBase application details. The RTKBase instance had been operational for 783 continuous hours at the time of access, with GPS correction data streamed across seven district mountpoints. The exposed data contains personally identifiable information (PII), such as names, addresses, phone numbers, account numbers, and payment histories, along with administrative credentials for the RTKBase platform and NTRIP source passwords. While no operational technology (OT) or industrial control system (ICS) disruption has been confirmed, Handala’s toolkit includes custom wipers (win.handala, Handala Wiper, Hamsa Wiper) and MBR-overwriting capabilities, indicating potential for destructive follow-on attacks. Handala, linked by the U.S. to Iran’s Ministry of Intelligence and Security (MOIS), has been active since at least 2008 and is also tracked under aliases including Banished Kitten, Void Manticore, and Red Sandstorm. The group is known for data exfiltration, wiper malware deployment, and psychological operations, often escalating from theft to destructive attacks within the same campaign. Previous incidents include the Stryker attack and a recent cyberattack on LA Metro. Cal Water has not publicly acknowledged the breach, and security experts recommend treating the incident as a potential precursor to further destructive activity. All exposed credentials should be considered compromised, and affected systems require immediate auditing and remediation.
INCIDENT DETAILS -
TYPE
Data Breach, Cyber Espionage, Potential Destructive Attack
MOTIVATION
Retaliation for recent U.S. actions in Iran, Psychological Operations, Data Exfiltration
IMPACT
Data Compromised: 5GB of data including customer billing database, PII, administrative credentials, NTRIP source passwordsSystems Affected: RTKBase instance, billing systemOperational Impact: Potential disruption capability (not executed)Brand Reputation Impact: Potential reputational damage due to data breachLegal Liabilities: Potential legal liabilities due to PII exposureIdentity Theft Risk: High (PII exposed)Payment Information Risk: High (payment histories exposed)
DATA BREACH
Personally Identifiable Information (PII)Administrative credentialsPayment historiesNTRIP source passwordsSensitivity Of Data: High (PII, financial data, credentials)Data Exfiltration: Yes (5GB of data published)Personally Identifiable Information: Names, addresses, phone numbers, account numbers, payment histories
MAY 2026
742Before Incident
APRIL 2026
741Before Incident
MARCH 2026
741Before Incident
FEBRUARY 2026
740Before Incident
JANUARY 2026
740Before Incident
DECEMBER 2025
740Before Incident
NOVEMBER 2025
739Before Incident
OCTOBER 2025
739Before Incident
SEPTEMBER 2025
738Before Incident
AUGUST 2025
738Before Incident
JANUARY 2025
753Before Incident
Cyber Attack
01 Jan 2025CWSG
California Water Service: Iran-linked group claims cyberattack against Bay Area-based Cal Water

Iran-Linked Cyberattack on California Water Service

734After Incident
CRITICAL-19
CAL1784313262
Iran-Linked Cyberattack Targets Bay Area Water Utility in Escalating Infrastructure Threats An Iran-affiliated hacking group has claimed responsibility for a cyberattack on California Water Service (Cal Water), the Bay Area-based utility providing clean water across the state. While Cal Water confirmed the incident did not disrupt water or wastewater systems, the breach underscores growing risks to critical infrastructure as geopolitical tensions spill into cyberspace. The attack, part of an ongoing campaign by Iranian actors, appears to serve as both a demonstration of capability and a warning, according to cybersecurity experts. Tony Sabaj of Check Point Software noted the group’s intent to signal vulnerability, framing such strikes as potential acts of terrorism where disruptions to essential services like water could incite fear and widespread harm. The incident reflects a broader shift in cyber warfare, with state-backed groups increasingly targeting U.S. infrastructure amid evolving security defenses. UC Santa Cruz lecturer Chris Hables Gray warned that rapid digitization and overreliance on AI often without adequate safeguards amplify these risks, as automated systems may lack the resilience to counter sophisticated threats. Cal Water, headquartered in San Jose, is continuing its investigation, though no operational impact has been reported. The attack follows a pattern of Iranian cyber operations against American targets, marking critical utilities as a new front in an escalating digital conflict.
INCIDENT DETAILS -
TYPE
Cyberattack
MOTIVATION
Demonstration of capabilityWarningGeopolitical signaling
IMPACT
Operational Impact: No disruption to water or wastewater systems

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for CWSG ?
?
What was CWSG's A.I Rankiteo Cyber Score in June 2026 ?
?
What was CWSG's A.I Rankiteo Cyber Score in May 2026 ?
?
What was CWSG's A.I Rankiteo Cyber Score in April 2026 ?
?
What was CWSG's A.I Rankiteo Cyber Score in March 2026 ?
?
What was CWSG's A.I Rankiteo Cyber Score in February 2026 ?
?
What was CWSG's A.I Rankiteo Cyber Score in January 2026 ?
?
What was CWSG's A.I Rankiteo Cyber Score in December 2025 ?
?
What was CWSG's A.I Rankiteo Cyber Score in November 2025 ?
?
What was CWSG's A.I Rankiteo Cyber Score in October 2025 ?
?
What was CWSG's A.I Rankiteo Cyber Score in September 2025 ?
?
What was CWSG's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on CWSG's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with CWSG ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view CWSG's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?