
An unknown attacker claims to have hacked Pickett and Associates (Pickett USA), a Florida-based engineering firm, and is now selling a large amount of engineering data related to projects managed by major American energy companies. The asking price for the archive is 6.5 bitcoins. A publication cited by journalists estimates this figure at approximately $585,000.
Pickett USA serves clients in the energy and mining sectors in the United States and the Caribbean.
The company specializes in transmission line and distribution network design, project management, topographic surveys, aerial photography, and LiDAR (a technology that uses laser scanning to create highly accurate 3D models of terrain and objects).
According to the advertiser, 892 files totaling approximately 139 GB were stolen from the company. In screenshots circulating on social media and industry resources, the vendor describes the content as “real operational engineering data” from ongoing projects and suggests using it for infrastructure analysis and risk assessment. The authenticity of these claims has not been independently confirmed, and the criminals themselves are, to put it mildly, not the most reliable source.
According to the description, the archive contains over 800 raw LiDAR point cloud files in .las format, where a single file can be hundreds of megabytes to several gigabytes in size. It presumably also contains coverage of transmission line corridors and substations with various layers (terrain, vegetation, cables, structures), highly detailed maps, MicroStation project files, PTC settings, vegetation datasets, and other material from ongoing work. The seller is offering prospective buyers several samples “for review.”
The hacker claims the data concerns projects from Tampa Electric Company, Duke Energy Florida, and American Electric Power. The text also cites the size of these companies: Tampa Electric serves approximately 860,000 customers in west-central Florida, Duke Energy Florida serves approximately 2 million customers statewide, and American Electric Power serves nearly 5.6 million customers in 11 states. A representative for Pickett USA declined to comment in response to requests from reporters. The energy companies, according to the source, also did not respond to requests.
The criminal hackers’ claims, if true, are particularly alarming due to the “applied” nature of the data. If relevant data on power line routes, installations, and work were to fall into the wrong hands, it could prove useful not only for extortion, but also for more precisely planning infrastructure attacks. In this context, the author of the article notes that interest in critical sectors is growing among both nation-state-affiliated groups and purely criminal extortionists. Examples cited include allegations of long-term campaigns against the energy sector, the Volt Typhoon attacks, and the general trend of exerting pressure across the “border” between IT and operational technologies.
According to the FBI’s latest IC3 report, ransomware remained the top threat to organizations operating critical infrastructure in 2024: the number of reports increased 9% year-over-year, and critical infrastructure operators reported nearly 4,900 cyber threats, with ransomware (1,403 reports) being the most common type of incident. For this reason, any leak that provides attackers with additional information about objects and processes is viewed with extreme sensitivity by the industry, even if it amounts only to allegations made on dark web forums.
