Iranian Hackers Suspected of Breaching US Gas Station Tank Monitoring Systems

US officials suspect Iranian hackers breached automatic tank gauge (ATG) systems at gas stations in multiple US states by exploiting the lack of password protection and internet exposure, according to reports dated May 16, 2026 ^{[1, 2]}. The hackers altered the displayed fuel tank readings but did not affect the actual fuel quantities stored in the underground tanks ^{[1, 3, 2]}.

Officials warned that unauthorized access to ATG systems could allow concealment of gas leaks, raising safety concerns, although no physical damage or injuries have occurred so far ^{[1, 2]}. The attacks have exposed longstanding cybersecurity vulnerabilities in ATG systems due to inadequate password protection and weak network defenses, a problem noted by US cybersecurity officials and private experts ^[2].

Iran is the leading suspect based on the hacking patterns and past attacks targeting fuel tank infrastructure, though forensic evidence remains limited and definitive attribution is difficult ^{[1, 3, 2]}. If confirmed, these attacks would follow a wave of Iranian cyber activity reportedly increasing after a February 28, 2026, joint US-Israeli strike on Iranian targets, marking another instance of Iran targeting critical US infrastructure ^{[3, 2]}.

The FBI declined to comment on the ongoing investigation into the breaches ^[2]. The initial CNN report revealing the suspected Iranian intrusion was published on May 16, 2026 ^{[1, 2]}. Authorities continue to monitor the security of gas station ATG systems to prevent further unauthorized access or attempts to conceal hazards.