Hacker offering US engineering firm data online after alleged breach

Ransomware concept image showing a yellow-colored alert symbol pictured against a jet black background. — (Image credit: Getty Images)

A cyber criminal is claiming to have seized data from Florida-based engineering firm Pickett and Associates relating to three US utilities.

Pickett provides transmission and distribution power line design, aerial surveying, and LiDAR services to major utilities and mining firms across the US and the Caribbean.

The hacker in question is now offering around 139 GB of engineering data - 892 files - about Tampa Electric Company, Duke Energy Florida, and American Electric Power on a dark web forum.

There's an asking price of 6.5 bitcoin, or a little under $600,000.

Latest Videos From

The data is claimed to include more than 800 classified raw LiDAR point cloud files in .las format, ranging from 100 MB to 2 GB in size, along with full coverage of transmission line corridors and substations, including layers for bare earth, vegetation, conductors, and structure.

Also apparently up for sale are high-resolution orthophotos in .ecw format, microStation design files and PTC settings, large vegetation feature files in .xyz format and preserved folder structures from active projects.

"This dataset contains real, operational engineering data from active projects of major utilities and is suitable for infrastructure analysis, modelling, risk assessment of specialized research," the hacker said.

Tampa Electric Company has around 860,000 business and residential customers in West Central Florida, while Duke Energy Florida has about two million. American Electric Power, meanwhile, boasts nearly 5.6 million customers across 11 states.

ITPro approached Pickett and Associates for comment, but did not receive a response by time of publication.

German solar company data up for grabs

The same criminal is also offering what's claimed to be an internal database belonging to Hamburg, Germany-based solar energy firm Enerparc AG. The data is claimed to include information about solar projects in Spain’s Mallorca and Alicante regions.

According to research from Sophos, 67% of energy, oil or gas and utilities firms suffered a ransomware attack in 2024, up from 55% in 2020.

This time last year, TrustWave said that ransomware attacks targeting the energy and utilities sectors rose by 80% in 2024.

Energy firms are frequently targeted by hacktivists and nation state actors including Russia, China, Iran and North Korea, with China's Volt Typhoon hitting a number of power utilities in 2023.

All in all, US critical infrastructure operators reported almost 4,900 cybersecurity threats in 2024.

Critical industries in the crosshairs

According to recent research from security firm Kela, global ransomware attacks against critical industries rose by 34% in 2025.

The US was the most-affected country, accounting for 21% of global incidents, followed by Canada, Germany, the UK, and Italy.

"In critical industries, such disruptions can have national-level consequences, undermining essential operations and eroding public trust," commented Lin Levi, Kela threat intelligence team lead.

"To protect critical services, governments and critical industry sectors must prioritize proactive preventative measures and maintain continuous real-time monitoring to detect and respond to cyber threats."

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.

TOPICS

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.