Site navigation

Florida Cyber-attack Attempts to Contaminate Water Supply

Michael Behr



With the first recorded fatality from a cyberattack coming last year, the Florida water hack serves as a warning that the first targeted ‘cyber murder’ could be a matter of time.

Cybercriminals came close to poisoning the water supply in a Florida city in a remote attack on a water treatment facility, which serves around 15,000 people.

The attackers were able to infiltrate the plant’s systems in Oldsmar and attempted to increase the levels of sodium hydroxide (lye) to potentially dangerous levels.

Sodium hydroxide is used in small amounts during water treatment to control acidity. It is also commonly found in liquid drain cleaners. Around 10 grams of the chemical can be fatal to humans.

Florida County Sheriff Bob Gualtieri said that a computer controlling the water treatment systems was breached twice on February 5th. The first access attempt was noticed in the morning by a plant operator, who assumed it was their supervisor accessing the system.

A second attempt was made in the early afternoon, which saw the attack increase the sodium hydroxide content in the water from 100 parts per million to 11,100 ppm.

The attack took place on a password-protected control panel that was accessed using popular remote control software TeamViewer.

The changes were caught and reversed by an operator, who was also working remotely.

“At no time was there a significant adverse effect on the water being treated. Importantly, the public was never in danger,” Gualtieri said. He noted that the water would not have entered the system for over a day.

At present, it is unknown who the perpetrator or perpetrators are, or whether they were based inside or outside the US. No arrests have been made.


As of yet, there has never been a recorded case of a ‘cyber-murder’ – a cyberattack made with no other purpose than to kill another human being. September 2020 recorded the first cyberattack-related death, when hackers attacked a Düsseldorf hospital with a ransomware attack. With the hospital locked up, an ambulance carrying a critically ill woman was diverted to another hospital 20 miles away and died from treatment delays.

One of the first cyberattacks that directly targeted human lives instead of money was a 2018 attack on a Saudi petrochemical plant. Cyber attackers were able to gain physical access to the facility and ran malicious code that could have caused an explosion at the facility had the attack not been discovered in time.

However, investigators consider that the Saudi attack has all the hallmarks of a state-backed attack, largely aiming to damage the Saudi economy. While the exact nature of the attacker is still unknown, it still serves as a warning that a successful cyberattack targeting human life may only be a matter of time

Michael Behr

Senior Staff Writer

Latest News

Data Protection Editor's Picks
Digital Transformation Events
Cybersecurity Editor's Picks
%d bloggers like this: