Hacker offers alleged utility engineering data for 6.5 BTC after Pickett US breach
A cybercriminal claims to be selling about 139 GB of engineering data from three major US utilities: Tampa Electric Company, Duke Energy Florida, and American Electric Power.
The data dump allegedly comes from a breach of Pickett and Associates, a Florida-based engineering firm, which provides transmission and distribution power line design, aerial surveying, and LiDAR services to major US utilities.
The screenshot of a post on the dark web says the dump consists of 892 files totaling 139.1 GB, primarily 800+ raw LiDAR point cloud datasets in .las format. It also includes high-resolution orthophotos in .ecw format, MicroStation design files (.dgn), PTC configuration files, and large vegetation feature datasets in .xyz format.
The dataset is described in the post as "real, operational engineering data from active projects of major utilities and is suitable for infrastructure analysis and risk assessment."
The stated price is 6.5 bitcoin or the exact equivalent in Monero (XMR), which equals roughly $585,000. According to the post, the price is non-negotiable and is based on “volume, freshness, and technical quality of data”.
Although this is not yet confirmed, the crook claims that the data belongs to Tampa Electric Company (TECO), Duke Energy Florida (DEF), and American Electric Power (AEP).
Tampa Electric Company serves around 860,000 customers, including over 90,000 businesses, across a 2,000-square-mile area in West Central Florida. Duke Energy Florida serves about 2 million residential, commercial, and industrial customers, providing electricity in 35 Florida counties, while American Electric Power serves nearly 5.6 million customers (residential, commercial, and industrial) across 11 US states.
A Duke Energy spokesperson told The Register that the company is investigating the claims.
The same hacker claims to be selling Enerparc AG’s internal database with details about solar projects in Spain’s Mallorca and Alicante regions.
