Hackers claim breach of engineering firm, offer sale of info on three major US utilities

• Hackers claim to have stolen 800+ sensitive engineering files from Pickett and Associates, tied to major U.S. utilities
• Data includes LiDAR point clouds, orthophotos, design files, and transmission corridor maps, now for sale at ~$600,000
• Duke Energy is investigating; attackers also selling data from Germany’s Enerparc AG, signaling focus on critical infrastructure

Pickett and Associates, a Florida-based civil engineering, surveying, and geospatial services firm, has allegedly been hacked and had sensitive client data stolen.

Earlier this week, cybercriminals posted a new thread on a dark web forum claiming to have stolen more than 800 files from the company. The data, they say, is “real, operational engineering data from active projects of major utilities and is suitable for infrastructure analysis and risk assessment.”

Pickett and Associates’ clients are mostly investor-owned utilities, municipalities, electric cooperatives and mining operations across the United States and the Caribbean, which ...