Pinellas County Sheriff Bob Gualtieri said during a news conference on Monday that a plant worker at the treatment facility first noticed unusual activity with its computer system at 8 a.m. on Friday. A few hours later, at approximately 1:30 p.m., a hacker accessed the system again. This time taking control of the mouse and opening software that controls water treatment.
The hacker then reportedly increased the amount of sodium hydroxide from 100 parts per million to 11,100 parts per million.
Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners. Officials said it is also used to control water acidity and remove metals from drinking water at treatment plants.
Sheriff Gualtieri said the hacker exited the system and a worker at the plant was able to intervene and reverse the change.
Officials insist that the levels would have never made it into the city’s drinking water.
The CDC directed Ocala Post to its website, where it reads, “Sodium hydroxide does not produce systemic toxicity, but is very corrosive and can cause severe burns in all tissues that it comes in contact with. Sodium hydroxide poses a particular threat to the eyes since it can hydrolyze protein, leading to severe eye damage.”
“Sodium hydroxide is very corrosive. It can cause irritation to the eyes, skin, and mucous membrane; an allergic reaction; eye and skin burns; and temporary loss of hair,” according to the CDC.
Gualtieri said that even if the employee had not intervened right away, it would have taken between 24 and 36 hours to enter the water supply system and that there are other safeguards in place where the water would have been checked before it was released to the public for drinking.
After the employee corrected the changes, a supervisor disabled remote access to the system.
The sheriff’s office was then notified.
“This type of activity and this type of hacking of critical infrastructure is not necessarily limited to just water supply systems,” said Gualtieri.
Software installed on the computer allowed for remote access by employees.
The sheriff has also already been accused of fearmongering and “exaggerating” the seriousness of the incident.
The sheriff said he does not know why the treatment facility was targeted and that they have notified the FBI.
The sheriff’s office does not have any suspects.