Hackers Steal Power Utility Customer DataSargent & Lundy Informs Over 6,900 That Hackers Stole Their Social Security Numbers
A Chicago construction and engineering firm that designs power grids is telling consumers it detected "unauthorized activity" that resulted in the theft of names and Social Security numbers.
According to a report by CNN, a memo distributed to members of an electricity sector information-sharing group says hackers used Black Basta ransomware on the firm Sargent & Lundy. The company did not return Information Security Media Group's request for comment.
A law firm handling breach notification for Sargent & Lundy estimates the hackers stole personal data of more than 6,900 individuals.
"We took immediate action to contain the incident and began an investigation with the assistance of a cybersecurity firm," the company tells consumers about the Oct. 15 incident. Sargent & Lundy has engineered 958 power plant units and more than 6,200 circuit miles of power delivery systems, the company website states.
CNN, citing two individuals familiar with the investigation, says defenders contained the Black Basta ransomware strain in a day.
The Black Basta ransomware gang surfaced in April 2022. The group is known for using double-extortion tactics. "They steal sensitive files and information from victims and later use it to extort victims by threatening to publish the data unless the ransom is paid," researchers from Cybereason recently wrote.
The memo, described to Information Security Media Group as "vague," does not state whether attackers obtained data necessary to mount an attack on the power grid, said someone familiar with its contents.
Company spokeswoman Brenda Romero told CNN that the company informed law enforcement and is fully recovered from the incident, which does not appear to have a broader impact on other power-sector firms.
Cyberattacks on the power grid are the poster child for nightmare scenarios of critical infrastructure hacking. Russia in 2015 successfully caused power outages for more than 230,000 Ukrainians in a winter blackout that lasted as long as six hours in some areas. It attempted a similar attack on a larger scale in April but defenders foiled the attempt (see: Russia-Linked Sandworm Attacks Ukrainian Energy Facility).
In the United States, hackers have been less of a problem than physical saboteurs, including through an attack earlier this month in North Carolina involving gun damage at two substations that left 40,000 without power for days. Oregon Public Radio reported a spate of attacks against the power grid since mid-November, including two incidents that bear similarities to the North Carolina attacks.
With reporting from ISMG's David Perera.