He told the media on Monday US time that an incident occurred on 5 February; an operator noticed at about 8am that day that there was an intruder in the computer system he was monitoring, the website WTSP reported.
Gualtieri said he, along with his deputies, the FBI and the US Secret Service were investigating whether the attacker was from within the US or from another country.
The sheriff said the operator did not react to the first incident because remote access by supervisors is common. But when it occurred a second time, he took note.
“This is obviously a significant and potentially dangerous increase. Sodium hydroxide, also known as lye, is the main ingredient in liquid drain cleaners," the sheriff said.
The operator reversed the changes immediately, and Gualtieri claimed the public had never been in danger.
City manager Al Braithwaite said remote access had been disabled while the site was secured to ensure that such a breach could not recur.
Contacted for comment, Jake Williams, a former NSA hacker with the agency's now-disbanded elite Tailored Access Operations Unit, told iTWire: "This event should serve as a wake-up call to organisations to inventory and secure their remote access software.
"It is important to search for unauthorised installations of remote access software. Because TeamViewer offers a free licence mode for non-commercial use and does not require installation, it is easily deployed without the help of IT."
He added in a tweet: "If I were a TeamViewer executive, I'm not sure if I'd be happy for free publicity or mad because it's bad publicity.
"But I tell you what would send me through the roof: learning that we got all this publicity because the victim didn't properly license my remote access software.
"I'm not saying I know that's the case, but I damn sure wouldn't bet against it.
"Actually, I'm calling it now: the compromised TeamViewer instance isn't properly licensed. In my experience, that's like a 90%+ probability."