Hacker offering US engineering firm data online after alleged breach
Data relating to Tampa Electric Company, Duke Energy Florida, and American Electric Power was allegedly stolen
A cyber criminal is claiming to have seized data from Florida-based engineering firm Pickett and Associates relating to three US utilities.
Pickett provides transmission and distribution power line design, aerial surveying, and LiDAR services to major utilities and mining firms across the US and the Caribbean.
The hacker in question is now offering around 139 GB of engineering data - 892 files - about Tampa Electric Company, Duke Energy Florida, and American Electric Power on a dark web forum.
There's an asking price of 6.5 bitcoin, or a little under $600,000.
The data is claimed to include more than 800 classified raw LiDAR point cloud files in .las format, ranging from 100 MB to 2 GB in size, along with full coverage of transmission line corridors and substations, including layers for bare earth, vegetation, conductors, and structure.
Also apparently up for sale are high-resolution orthophotos in .ecw format, microStation design files and PTC settings, large vegetation feature files in .xyz format and preserved folder structures from active projects.
"This dataset contains real, operational engineering data from active projects of major utilities and is suitable for infrastructure analysis, modelling, risk assessment of specialized research," the hacker said.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
Tampa Electric Company has around 860,000 business and residential customers in West Central Florida, while Duke Energy Florida has about two million. American Electric Power, meanwhile, boasts nearly 5.6 million customers across 11 states.
ITPro approached Pickett and Associates for comment, but did not receive a response by time of publication.
German solar company data up for grabs
The same criminal is also offering what's claimed to be an internal database belonging to Hamburg, Germany-based solar energy firm Enerparc AG. The data is claimed to include information about solar projects in Spain’s Mallorca and Alicante regions.
According to research from Sophos, 67% of energy, oil or gas and utilities firms suffered a ransomware attack in 2024, up from 55% in 2020.
This time last year, TrustWave said that ransomware attacks targeting the energy and utilities sectors rose by 80% in 2024.
Energy firms are frequently targeted by hacktivists and nation state actors including Russia, China, Iran and North Korea, with China's Volt Typhoon hitting a number of power utilities in 2023.
All in all, US critical infrastructure operators reported almost 4,900 cybersecurity threats in 2024.
Critical industries in the crosshairs
According to recent research from security firm Kela, global ransomware attacks against critical industries rose by 34% in 2025.
The US was the most-affected country, accounting for 21% of global incidents, followed by Canada, Germany, the UK, and Italy.
"In critical industries, such disruptions can have national-level consequences, undermining essential operations and eroding public trust," commented Lin Levi, Kela threat intelligence team lead.
"To protect critical services, governments and critical industry sectors must prioritize proactive preventative measures and maintain continuous real-time monitoring to detect and respond to cyber threats."
FOLLOW US ON SOCIAL MEDIA
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
The NCSC wants to build an AI-powered 'Cyber Shield' to protect the UK from hackersNews The aim is to create a national, sovereign defence capability to protect government agencies and critical infrastructure
-
IBM targets data center efficiency gains with new z17 and LinuxONE offeringsNews Cost, data center footprint, and performance improvements are coming for IBM Z and LinuxONE customers
-
Hackers are posing as Interpol to target small businesses – here's what you need to knowNews Small businesses are warned to think twice before clicking on links
-
‘Every hour ransomware goes undetected drastically increases its potential blast radius’: Hackers are breaching networks and laying low for longer – and nearly half of firms don’t realize until data is stolenNews An ExtraHop survey found more intrusions are going undetected, leading to longer dwell times
-
Ransomware cartels are fragmenting into volatile splinter groups, warns Met Police cyber chiefNews Commoditized "cyber crime bazaars" and AI data mining are forcing law enforcement to rewrite its playbook
-
New ransomware threat group, The Gentlemen, has become one of the most active ransomware operators, accounting for 10% of all attacksNews NTT researchers warn that the RaaS group is leveraging SystemBC malware to establish covert tunnelling, evade detection, and support rapid lateral movement across enterprise environments
-
Instructure chose to a pay ransom following the Canvas cyber attack – research shows more than half of security leaders would follow suitAnalysis Opting to pay ransoms creates huge risks for enterprises – you’re relying on the word of criminals
-
Ransomware negotiator sentenced for role in major cyber crime groupNews Deniss Zolotarjovs was a key player in a group associated with Conti
-
Threat actors ditch ‘spray and pray’ attacks in shift to targeted exploitationNews A dip in ransomware volumes points to a more targeted approach focused on vulnerability exploitation
-
Security leaders overconfident about ransomware recoveryNews Few manage to recover all their data, and many experience business disruption