A hacker gained access to Oldsmar's water treatment plant, bumping the sodium hydroxide in the water to a "dangerous" level, according to Pinellas County's sheriff.
In a press conference Monday, Sheriff Bob Gualtieri said his deputies, along with the FBI and U.S. Secret Service, are investigating the breach as it is unclear if it came from within the U.S. or from a foreign actor.
The incident first occurred on Feb. 5 at the city's water treatment plant when, around 8 a.m., an operator noticed someone had remotely entered the computer system that he was monitoring. It's a system responsible for controlling the chemicals and other operations of the water treatment plant, Gualtieri said.
At first, the operator did not think much of the action due to the common use of the remote access software by supervisors to troubleshoot from different locations. That's until it happened again.
And this time, Gualtieri says, the hacker did more than just remote in. According to the sheriff, the hacker spent up to five minutes in the system and adjusted the amount of sodium hydroxide in the water from 100 parts per million to 11,100.
“This is obviously a significant and potentially dangerous increase. Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners," Gualtieri added.
The operator immediately reduced the levels back to the appropriate amount and “at no time was there a significant adverse effect on the water being treated.”
Even if the operator did not notice the intrusion, the sheriff, Oldsmar Mayor Eric Seidel and City Manager Al Braithwaite all noted several fail-safes and alarm systems are in place to flag issues of this kind.
Gualtieri reinforced that at no time was the public in danger.
“The important thing is to put everyone on notice and I think that’s really the purpose of today is to make sure that everyone realizes that these bad actors are out there," Seidel said.
The caustic substance could have caused major issues for the city's drinking water supply.
“If you put that amount of that substance in the drinking water it’s not a good thing," Gualtieri said.
It's why he and the other area leaders refer to the person responsible as a "bad actor."
“This is somebody who is trying, as it appears on the surface, to do something bad," the sheriff said.
The remote access program has been disabled while work is done to ensure a breach like this does not happen again, according to Braithwaite.
While the identity of the accused hacker is not yet known, Gualtieri says his team has been working through the weekend on some leads.
According to the sheriff, there is no knowledge of any other area systems being unlawfully accessed. But, he did ask all area governmental entities to take a critical look at their infrastructure to ensure their security practices are up to par.