Recent reporting has revealed a troubling claim involving the possible exposure of sensitive infrastructure data tied to major U.S. utility providers. A cybercriminal operating on underground forums alleges they have stolen a large cache of engineering and mapping files from Pickett and Associates, a Florida-based engineering services firm that works closely with electric utilities across the United States. According to the claim, the stolen data is being offered for sale for approximately 6.5 Bitcoin, a price that translates to roughly $585,000 at current exchange rates.

Nature of the Alleged Data Breach

The seller asserts that the compromised dataset totals around 139 gigabytes and consists primarily of technical files used in utility planning and infrastructure development. These materials allegedly include hundreds of raw LiDAR point-cloud files, which are often used to create precise three-dimensional models of transmission corridors, substations, and surrounding terrain. Such data is commonly collected via aerial surveys and is essential for designing, maintaining, and upgrading power infrastructure.

In addition to LiDAR data, the archive reportedly contains high-resolution orthophotographs, which provide detailed, geographically accurate aerial imagery. The dataset is also said to include multiple forms of engineering and design files, such as those with .las, .ecw, and .xyz extensions, along with broader project documentation and infrastructure mapping materials. To bolster the credibility of the sale, the individual behind the listing released four sample files as proof that they possess the data they claim to be selling.

Utilities Potentially Affected

Pickett and Associates is known to provide engineering and surveying services to several major U.S. utility operators. Among the organizations referenced in connection with the alleged breach are Tampa Electric Company, Duke Energy Florida, and American Electric Power. These companies manage extensive power generation and distribution networks that serve millions of customers, making any exposure of detailed infrastructure data a serious concern.

Responses From Involved Parties

At the time the claims became public, Pickett USA declined to comment on the alleged incident, neither confirming nor denying whether a breach had occurred. This lack of response leaves open questions about how the data may have been accessed and whether internal systems were compromised.

Among the utilities mentioned, Duke Energy Florida acknowledged awareness of the situation and stated that it was actively investigating the claims. The company emphasized that its cybersecurity teams continuously work to protect systems and sensitive information. Other utilities named in connection with the data had not issued public statements at the time of reporting.

Broader Cybersecurity Implications

If the claims prove accurate, the incident would highlight a growing and concerning trend: the increasing focus by cybercriminals on critical infrastructure and the companies that support it. Detailed engineering and geospatial data can be extremely valuable to malicious actors. Such information may be used for reconnaissance, helping attackers understand the physical layout and vulnerabilities of power systems without ever needing direct access to operational networks.

The same individual offering the U.S. utility data has also claimed to be selling an internal database belonging to Enerparc AG, a Germany-based solar energy firm. That dataset allegedly contains sensitive information about renewable energy projects, suggesting that the threat actor may be targeting energy infrastructure across multiple countries.

Why This Matters

Utility operators and the firms that support them are especially attractive targets for cybercrime. Stolen design documents and mapping data can potentially be used to plan physical sabotage, identify weak points in grid infrastructure, or support cyberattacks against operational technology (OT) systems. Even when such data is not used directly for attacks, it can fuel extortion attempts or be resold to other criminal groups.

Historically, utilities have faced increasing pressure from ransomware gangs, espionage-driven intrusions, and financially motivated hackers. As energy systems become more interconnected and reliant on digital tools, the value of behind-the-scenes engineering data continues to rise. Incidents like this serve as a reminder that cybersecurity risks extend well beyond control rooms and networks, reaching into the design files, surveys, and planning documents that underpin modern infrastructure.

In short, whether or not the claims are ultimately verified, the situation underscores the urgent need for robust data protection, vendor security oversight, and continuous monitoring across the entire utility supply chain.