Mississippi electric utility warns 20,000 residents of a data breach.
The Yazoo Valley Electric Power Association, serving six Mississippi counties, experienced a cyberattack last summer. Initially, on August 26th, customers faced payment processing issues due to software problems, a situation resolved by August 30th.
A subsequent investigation revealed unauthorized access to network files on August 26th.
“A thorough investigation determined that an unauthorized actor accessed certain files on our network. We then conducted a thorough review of the potentially impacted data to determine the types of information contained therein and to whom the information related,” the organization stated in breach notification letters.
The review, completed October 24th, identified a “limited” amount of accessed personal information. The utility worked until December 20th to locate affected individuals. While the precise stolen data remains redacted beyond customer names, the Yazoo Valley Electric Power Association offered one year of identity protection services to all 20,997 affected individuals.
The affected area encompasses six counties—Yazoo, Holmes, Warren, Issaquena, Sharkey, and Humphreys—with a population nearing 100,000. The utility provides power to over 9,300 homes and almost 1,000 businesses.
Although the utility didn’t specify the attack’s nature, the ransomware gang Akira claimed responsibility in November. Akira, active since March 2023, boasts $42 million in earnings from approximately 250 attacks, targeting critical infrastructure, including a major railroad and a prominent cloud hosting provider, according to the FBI.
The gang claimed to have obtained documents containing Social Security numbers and company financial records. The incident highlights the vulnerability of even essential services to sophisticated cybercrime.
