Hackers are claiming to have breached Pickett and Associates, a Florida-based engineering firm that handles mapping, transmission, and design work for several large U.S. utilities. They are offering roughly 139 GB of sensitive operational data from clients including Tampa Electric Company, Duke Energy Florida, and American Electric Power for sale on dark web forums for about 6.5 bitcoin (roughly $585,000). According to reporting, the stolen material includes LiDAR files, orthophotos, and detailed design documents that could aid infrastructure analysis or pose security risks if misused, prompting ongoing investigations by affected utilities. Independent coverage confirms the claim, noting the substantial volume of utility engineering data allegedly being auctioned by a cybercrook exploiting the breach.
Sources:
https://www.techradar.com/pro/security/hackers-claim-breach-of-engineering-firm-offer-sale-of-info-on-three-major-us-utilities
https://www.theregister.com/2026/01/02/critical_utility_files_for_sale/
https://cybernews.com/cybercrime/hacker-offers-alleged-utility-engineering-data-for-6-5-btc-after-pickett-us-breach/
Key Takeaways
- Critical infrastructure engineering data allegedly compromised: A breach of an engineering firm has resulted in sensitive utility data being marketed on underground forums.
- High-value ransomware/extortion marketplace persists: The data is reportedly being offered for a steep crypto price, reflecting an ongoing trend of monetizing cyber intrusions against service providers.
- Utility sector security spotlighted: This incident underscores growing cyber risks targeting essential energy and infrastructure providers in the United States.
In-Depth
A troubling development in cybersecurity circles has emerged with claims that Pickett and Associates, a civil engineering and geospatial services firm in Florida, has been compromised by attackers who now seek to profit by selling sensitive infrastructure data tied to major U.S. utilities. The data cache, reported to span roughly 139 gigabytes, allegedly includes detailed LiDAR scans, design schematics, and high-resolution maps associated with power transmission lines and related systems for utilities such as Tampa Electric Company, Duke Energy Florida, and American Electric Power. The price tag attached by the seller — 6.5 bitcoin — equates to an eye-watering sum that highlights the monetization of cybercrime through dark web marketplaces where hacked data, whether personally identifiable information or core infrastructure blueprints, is bought and sold.
Reports from multiple independent sources paint a consistent picture of a breach that, if verified, raises serious concerns about the integrity and security of engineering firms entrusted with critical infrastructure data. These firms often sit at the nexus of utility operations, tasked with surveying, planning, and mapping services that directly support the physical grid — work that necessarily involves detailed insight into network topology and deployment specifics. A breach of this nature thus doesn’t just jeopardize competitive business secrets but could expose operational knowledge that might be misused in sabotage or targeted attacks.
Industry observers note that this episode is emblematic of a larger trend in which cybercriminals increasingly target third-party vendors and contractors as weak links to gain indirect access to larger, better-protected utility operators. The resale of stolen engineering data on dark forums for cryptocurrency further reflects a marketplace that remains lucrative for sophisticated actors. For policymakers and utility security teams alike, this incident should act as a stark reminder to harden defenses not just internally but across the supply chain, which requires rigorous vetting and systemic cybersecurity upgrades for all partners handling sensitive infrastructure information. A coordinated response, including swift forensic analysis, utility notification, and strategic reinforcement of network segmentation and encryption practices, will be essential in mitigating fallout and deterring similar breaches that threaten U.S. critical infrastructure.

