An electric utility serving multiple counties in Mississippi was attacked by cybercriminals last summer in an incident that exposed information of more than 20,000 residents. The Yazoo Valley Electric Power Association initially warned customers through social media on 26 August 2024 that, due to software problems, they were unable to process payments. The system was restored by 30 August.
In breach notification letters filed with regulators last week, the utility confirmed it discovered “suspicious activity” on 26 August and initiated an investigation. “A thorough investigation determined that an unauthorized actor accessed certain files on our network. We then conducted a thorough review of the potentially impacted data to determine the types of information contained therein and to whom the information related,” the organization said. It provides power to six counties along the Mississippi River and Louisiana border.
The organization completed its review on 24 October, determining that a “limited” amount of personal information was accessed, and then “worked to obtain address information for potentially affected individuals” until 20 December. The organization redacted what information was stolen by the hackers beyond the names of customers. Yazoo Valley Electric Power Association did not respond to requests for comment. The 20,997 victims are being offered one year of identity protection services.
Nearly 100,000 people live across the six counties the utility serves: Yazoo, Holmes, Warren, Issaquena, Sharkey and Humphreys. The organization provides power to more than 9,300 homes and nearly 1,000 businesses in the region. While Yazoo Valley Electric Power Association never said whether the issues and data breach were caused by ransomware, a ransomware gang named Akira took credit for the attack in November.
The gang claimed to have taken documents with Social Security numbers and company financial records. Akira emerged in March 2023, according to the FBI, and in its first year of operations made $42 million from around 250 attacks. The FBI noted that the gang made a point of targeting critical infrastructure entities like the largest switching and terminal railroad in the US and prominent cloud hosting services provider Tietoevry.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122