Hacker Offers Alleged U.S. Utility Engineering Data for Sale After Pickett and Associates Breach
A cybercriminal is claiming to have stolen sensitive engineering data from Florida-based firm Pickett and Associates, allegedly exposing information linked to three major U.S. power utilities: Tampa Electric Company, Duke Energy Florida, and American Electric Power (AEP).
The attacker is advertising approximately 139GB of data spread across 892 files on a dark web forum, with an asking price of 6.5 bitcoin, valued at just under $600,000 at current exchange rates.
Sensitive Infrastructure Data Allegedly Exposed
Pickett and Associates provides transmission and distribution power line design, aerial surveying, and LiDAR services to utilities and mining firms across the U.S. and the Caribbean. According to the hacker’s claims, the stolen dataset contains highly detailed and operational engineering materials tied to active utility projects.
The data allegedly includes more than 800 classified raw LiDAR point cloud files in .las format, with individual file sizes ranging from 100MB to 2GB. These files reportedly cover transmission line corridors and substations, with layers detailing bare earth, vegetation, conductors, and physical structures.
Also said to be included are high-resolution orthophotos in .ecw format, MicroStation design files, PTC configuration settings, large vegetation feature datasets in .xyz format, and preserved directory structures from ongoing projects.
“This dataset contains real, operational engineering data from active projects of major utilities and is suitable for infrastructure analysis, modelling, risk assessment, or specialized research,” the hacker claimed in their forum post.
Utilities Serving Millions of Customers
If legitimate, the breach could have significant implications. Tampa Electric Company serves roughly 860,000 residential and business customers in West Central Florida, while Duke Energy Florida supplies electricity to approximately two million customers. American Electric Power, one of the largest utilities in the U.S., serves nearly 5.6 million customers across 11 states.
ITPro contacted Pickett and Associates for comment but did not receive a response prior to publication. None of the utilities named have publicly confirmed any impact at this time.
Additional Claims Targeting European Energy Firms
The same threat actor is also offering what they claim is an internal database belonging to Enerparc AG, a solar energy company based in Hamburg, Germany. That dataset reportedly includes information related to solar projects in Spain’s Mallorca and Alicante regions, suggesting a broader focus on the global energy sector.
The alleged breach comes amid a sharp rise in cyberattacks targeting energy and utility providers. Research from Sophos indicates that 67% of energy, oil, gas, and utility organizations suffered a ransomware attack in 2024, up from 55% in 2020. Trustwave previously reported an 80% increase in ransomware attacks against the sector during 2024 alone.
Utilities have increasingly been targeted by hacktivist groups and nation-state actors, including operations linked to Russia, China, Iran, and North Korea. China’s Volt Typhoon campaign notably targeted multiple U.S. power utilities in 2023. In total, U.S. critical infrastructure operators reported nearly 4,900 cybersecurity threats in 2024.
Critical Infrastructure in the Crosshairs
According to recent research from threat intelligence firm Kela, global ransomware attacks against critical industries rose by 34% in 2025, with the United States accounting for 21% of all incidents worldwide.
“In critical industries, such disruptions can have national-level consequences, undermining essential operations and eroding public trust,” said Lin Levi, threat intelligence team lead at Kela. “To protect critical services, governments and industry operators must prioritize proactive prevention and continuous, real-time monitoring.”
While the authenticity of the Pickett and Associates data remains unverified, the claims underscore the growing cyber risks facing firms that support critical national infrastructure.




