Privacy & Information Security Law Blog

On February 8, 2021, Pinellas County, Florida officials announced that a hacker had remotely gained access to the City of Oldsmar's water treatment system on two separate occasions and was able to change the setting for sodium hydroxide in the water supply. The incident highlights the danger to local government information systems and the dangers of remote access vulnerabilities.

In a press conference, the Pinellas County Sheriff, Bob Gualtieri, emphasized that the sodium hydroxide levels in the county’s water did not actually change because a water system employee noticed the change in the setting and reversed it. Sodium hydroxide is used in public water systems to prevent pipes from corroding, but it can cause skin burning and can be fatal to humans if ingested in large amounts.

Sheriff Gualtieri added that the Oldsmar water system was able to be accessed with a preinstalled piece of remote access software intended to allow “authorized users to troubleshoot any system problems from other locations.” The software, known as TeamViewer, is commonly used for remote access and IT troubleshooting.

Once they learned of the incident, the county took steps to “stop further remote access to the system” and contacted the FBI and the Secret Service to investigate.

Read the press conference about this incident.