A hacker gained remote access to a Florida city’s water treatment plant in an attempt to contaminate the city’s supply of water with a harmful chemical, authorities said Monday.
The unknown hacker breached the computer system at the Oldsmar water plant on Friday and briefly increased the amount of sodium hydroxide in the water supply from about 100 parts per million to 11,100 parts per million, Pinellas County Sheriff Bob Gualtieri said during a news conference. Oldsmar — a suburb of Tampa with fewer than 14,000 residents — is about 20 miles from Raymond James Stadium, were the Super Bowl was played on Sunday.
“This is obviously a significant and potentially dangerous increase,” Gualtieri said. “Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners.”
Sodium hydroxide is used to treat water acidity, but if it’s ingested in large quantities, it can cause spontaneous vomiting, chest and abdominal pain, and difficulty swallowing, according to the Centers for Disease Control.
Organizations running the nation’s energy, nuclear and other critical infrastructure have become frequent targets for cyberattacks in recent years. Hacks against critical infrastructure carry more weight than typical cyberattacks, considering that the effects can result in blackouts and potential life-or-death scenarios as hospitals and cities depend more heavily on technology.
A supervisor at the water treatment plant was able to intervene and return the amount of the chemical in the water to safe levels, authorities said.
“At no time was there a significant adverse effect on the water being treated,” Gualtieri said. “Importantly, the public was never in danger.”
The source of the hack wasn’t immediately clear, authorities said. The FBI and Secret Service have joined the Pinellas County Sheriff’s Office in investigating the attack.