CWSG A.I CyberSecurity Scoring
CWSG
Company Information
Website:https://www.calwatergroup.com
Employees number:7
Number of followers:182
NAICS:22
Industry Type:Utilities
Homepage:calwatergroup.com
CWSG Risk Score (AI oriented)
Between 650 and 699
CWSGUtilities
Updated:
17/07/2026
17/07/2026
685/1000
Weak
B
CWSG Global Score (TPRM)
xxxx
CWSGUtilities
Score locked

CWSGWeak
Current Score
685B (WEAK)
01000
2 incidents
-59 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
685
JUNE 2026
742
Breach
01 Jun 2026 • CWSG
California Water Service: Iranian Cyber Group Handala Claims Cal Water Hack
Iran-Linked Hacking Group Handala Claims Breach of California Water Service, Leaks 5GB of Data
683
CRITICAL-59
CAL1781303207
Iran-Linked Hacking Group Handala Claims Breach of California Water Service, Leaks 5GB of Data
The Iran-affiliated threat actor Handala has claimed responsibility for a cyberattack on California Water Service (Cal Water), one of the largest investor-owned water utilities in the U.S., serving roughly two million customers across 100 communities in California. The group published 5GB of stolen data, alleging retaliation for recent U.S. actions in Iran and asserting it had the capability to disrupt water access but opted against doing so.
According to Dataminr, the attack likely began with the compromise of Cal Water’s RTKBase instance, a GNSS base station platform, which served as an initial access vector or lateral pivot point to the utility’s billing system. The Chico District was confirmed as the target, with leaked data including a customer billing database and internal RTKBase application details. The RTKBase instance had been operational for 783 continuous hours at the time of access, with GPS correction data streamed across seven district mountpoints.
The exposed data contains personally identifiable information (PII), such as names, addresses, phone numbers, account numbers, and payment histories, along with administrative credentials for the RTKBase platform and NTRIP source passwords. While no operational technology (OT) or industrial control system (ICS) disruption has been confirmed, Handala’s toolkit includes custom wipers (win.handala, Handala Wiper, Hamsa Wiper) and MBR-overwriting capabilities, indicating potential for destructive follow-on attacks.
Handala, linked by the U.S. to Iran’s Ministry of Intelligence and Security (MOIS), has been active since at least 2008 and is also tracked under aliases including Banished Kitten, Void Manticore, and Red Sandstorm. The group is known for data exfiltration, wiper malware deployment, and psychological operations, often escalating from theft to destructive attacks within the same campaign. Previous incidents include the Stryker attack and a recent cyberattack on LA Metro.
Cal Water has not publicly acknowledged the breach, and security experts recommend treating the incident as a potential precursor to further destructive activity. All exposed credentials should be considered compromised, and affected systems require immediate auditing and remediation.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MAY 2026
742
APRIL 2026
741
MARCH 2026
741
FEBRUARY 2026
740
JANUARY 2026
740
DECEMBER 2025
740
NOVEMBER 2025
739
OCTOBER 2025
739
SEPTEMBER 2025
738
AUGUST 2025
738
JANUARY 2025
753
Cyber Attack
01 Jan 2025 • CWSG
California Water Service: Iran-linked group claims cyberattack against Bay Area-based Cal Water
Iran-Linked Cyberattack on California Water Service
734
CRITICAL-19
CAL1784313262
Iran-Linked Cyberattack Targets Bay Area Water Utility in Escalating Infrastructure Threats
An Iran-affiliated hacking group has claimed responsibility for a cyberattack on California Water Service (Cal Water), the Bay Area-based utility providing clean water across the state. While Cal Water confirmed the incident did not disrupt water or wastewater systems, the breach underscores growing risks to critical infrastructure as geopolitical tensions spill into cyberspace.
The attack, part of an ongoing campaign by Iranian actors, appears to serve as both a demonstration of capability and a warning, according to cybersecurity experts. Tony Sabaj of Check Point Software noted the group’s intent to signal vulnerability, framing such strikes as potential acts of terrorism where disruptions to essential services like water could incite fear and widespread harm.
The incident reflects a broader shift in cyber warfare, with state-backed groups increasingly targeting U.S. infrastructure amid evolving security defenses. UC Santa Cruz lecturer Chris Hables Gray warned that rapid digitization and overreliance on AI often without adequate safeguards amplify these risks, as automated systems may lack the resilience to counter sophisticated threats.
Cal Water, headquartered in San Jose, is continuing its investigation, though no operational impact has been reported. The attack follows a pattern of Iranian cyber operations against American targets, marking critical utilities as a new front in an escalating digital conflict.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for CWSG ??
What was CWSG's A.I Rankiteo Cyber Score in June 2026 ??
What was CWSG's A.I Rankiteo Cyber Score in May 2026 ??
What was CWSG's A.I Rankiteo Cyber Score in April 2026 ??
What was CWSG's A.I Rankiteo Cyber Score in March 2026 ??
What was CWSG's A.I Rankiteo Cyber Score in February 2026 ??
What was CWSG's A.I Rankiteo Cyber Score in January 2026 ??
What was CWSG's A.I Rankiteo Cyber Score in December 2025 ??
What was CWSG's A.I Rankiteo Cyber Score in November 2025 ??
What was CWSG's A.I Rankiteo Cyber Score in October 2025 ??
What was CWSG's A.I Rankiteo Cyber Score in September 2025 ??
What was CWSG's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on CWSG's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with CWSG ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view CWSG's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?