What happened
A cybercriminal is offering about 139 GB of alleged utility engineering data for 6.5 BTC following an alleged breach of Florida‑based engineering firm Pickett and Associates, claiming the archive includes project files tied to Tampa Electric Company, Duke Energy Florida, and American Electric Power. The offer, priced at roughly $585,000 in Bitcoin or Monero, was posted on dark‑web forums and includes hundreds of raw LiDAR datasets, high‑resolution orthophotos, and design configurations from active utility projects, which the seller describes as “operational engineering data” suitable for infrastructure analysis. The claims have not been independently verified, and affected utilities are reportedly investigating.
Who is affected
If the breach claims are accurate, major US utilities and their customers could be impacted due to exposure of detailed engineering and infrastructure data tied to transmission lines, substations, and other critical assets. Tampa Electric Company serves around 860,000 customers in West Central Florida; Duke Energy Florida powers about 2 million customers across the state; and American Electric Power serves nearly 5.6 million customers over multiple states. Compromise of such sensitive datasets could pose risk not only to the companies themselves, but also to partners, vendors, and broader regional grid stakeholders.
Why CISOs should care
CISOs need to pay attention because this incident, if confirmed, represents more than just a typical data breach: it involves critical infrastructure engineering data, which can give threat actors granular insights into operational technology environments, network layouts, and physical system parameters. Exposure of such material could aid targeted sabotage, ransomware extortion, or strategic reconnaissance against power grid infrastructure. CISOs responsible for critical infrastructure must work closely with OT teams, engineering vendors, and upstream partners to assess exposure, control sensitive data flows, and develop incident response strategies that span both IT and OT domains.
3 practical actions
- Assess Vendor Security Posture: Conduct immediate security reviews of engineering and other third‑party vendors with access to sensitive infrastructure data, and ensure contractual requirements include robust breach notification and incident response obligations.
- Classify & Protect Sensitive Data: Implement strict data classification and access controls for engineering and operational datasets to ensure only authorized personnel can view or transfer critical information, with encryption at rest and in transit.
- Integrate IT/OT Risk Planning: Develop cross‑functional risk assessments involving both IT and OT teams to model threat scenarios related to leaked infrastructure data and to build targeted detection and containment capabilities.
