Hacker attempted to taint San Francisco drinking water: report

The cybercriminal deleted water treatment programs

A hacker attempted to taint the drinking water in the San Francisco area at the beginning of the year, a disturbing report that recently came to light revealed.

The hacker obtained a former employee’s TeamViewer credentials to log on and delete programs to treat drinking water, according to the Northern California Regional Intelligence Center obtained by NBC News. The Jan. 15 hack was discovered the next day and there were no failures as a result of the breach, according to the outlet.

Rod Colon, district manager of the North Springs Improvement District in Florida, told FOX Business that tampering with the treatment programs could potentially make residents sick due to the presence of things like E. coli in the water. 

A spokesperson for the Northern California Regional Intelligence Center did not return FOX Business’ request for comment about the San Francisco incident, which came just a month before a separate attempt on the water supply in Florida.


As previously reported by Fox News, a hacker gained remote access to the Oldsmar's water treatment facility in February and attempted to contaminate it with sodium hydroxide. A worker at the plant was able to reverse the hacker’s changes. The incident occurred the same weekend that the Super Bowl was scheduled in Tampa, less than 20 miles away.

Colon explained that water treatment plants have been notified that there could be attempts on their systems ever since 9/11, after which the Department of Homeland Security audited every water system and issued recommendations to better secure the infrastructure.

"Every water treatment facility regulated by the EPA did that audit and of course it’s a confidential report but… every water supplier is supposed to be working toward the goals set by the DHS based on that assessment report," Colon said.

Some cities did not invest in the recommended upgrades, Colon said. For example, he explained that no remote actor should be able to make adjustments to the water treatment plan.

"No one can log into our system remotely – you have to physically be on site," Colon explained of his operation. "Every incident that I’ve been reading about, it’s a username and password [and someone has] been able to do this from around the globe."

Beyond the water plants themselves, Colon noted that there are potential vulnerabilities along all points of the distribution line until the water reaches households.


Protecting the nation’s critical infrastructure from hacks has become a focus point for the White House in the wake of several recent incidents that have highlighted vulnerabilities.

Colonial Pipeline, a major fuel provider to suppliers on the East Coast, was struck with a ransomware attack in May that forced it to take its operations offline for nearly a week – causing temporary regional shortages that sent the price of fuel higher. The company paid more than $4 million in ransom to free its systems, a sizable amount of which was eventually recovered by federal investigators.

A separate ransomware attack temporarily halted operations at the world’s largest meat supplier JBS.

The Biden administration announced plans in May to create a task force dedicated to prosecuting ransomware hackers.

For water plants specifically, Colon expects that the government will carry out assessments like it did in the wake of the 9/11 attacks. This time, however, he believes the government will proceed with enforcement actions for entities that fail to safeguard their infrastructure.