Critical Infrastructure Security, Data Security

Allegedly exfiltrated US energy firms’ data up for sale

High voltage substation under sunset. The Department of Energy is putting $12 million behind six university-led cybersecurity research projects that look for innovative ways to securely build or design the nation’s energy systems. (Photo Credit: bjdlzx via Getty Images)

Major U.S. electric utilities American Electric, Duke Energy Florida, and Tampa Electric Company had nearly 139 GB of engineering data purportedly pilfered following a cyberattack against Florida-based engineering firm Pickett and Associates peddled for 6.5 bitcoin, or nearly $585,000, The Register reports.

Allegedly part of the stolen data trove were 892 files, including over 800 classified raw LiDAR point cloud files, high-resolution orthophotos, complete transmission line and substation coverage, large vegetation feature files, MicroStation design files, and other documents from active projects, according to a post of the threat actor, who also claimed to sell German solar energy firm Enerparc AG's internal database, on Daily Dark Web. While Pickett USA has not commented on the supposed breach, Duke Energy has begun investigating the cybercriminal's assertions.

"With threats evolving every day, Duke Energy's highly skilled cyber security team works diligently to protect our businesses, systems, and information technology assets and responds quickly if a cyber incident occurs," said a Duke Energy spokesperson.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds