Mississippi electric utility Yazoo Valley Electric Power Association yesterday confirmed it notified 20,997 people of an August 2024 data breach.
Ransomware gang Akira claimed responsibility for the attack, saying it stole Social Security numbers, internal corporate documents, and financial records.
Yazoo Valley has not verified Akira’s claim and has not publicly disclosed what data was compromised. We do not yet know if Yazoo Valley paid a ransom, how much Akira demanded, or how attackers breached the utility’s network. Comparitech contacted Yazoo Valley Electric for comment and will update this article if it replies.
“On or about August 26, 2024, we became aware of suspicious activity on our network,” Yazoo Valley’s notice to victims states. “On October 24, 2024, we completed our review and determined that a limited amount of personal information may have been accessed by an unauthorized party in connection with this incident. We then diligently worked to obtain address information for potentially affected individuals and completed this process on December 20, 2024.”
Yazoo Valley is offering eligible victims free credit monitoring via CyberScout, which implies Social Security numbers and/or other information that could be used for identity theft were among the compromised data. The deadline to enroll is April 30, 2025.
Who is Akira?
Akira is a ransomware gang that first emerged in March 2023. Its targets span education, finance, manufacturing, real estate, healthcare, and now utilities. It often extorts victims twice: once in exchange for a decryption key to restore systems, and again in exchange for not selling or publicly releasing stolen confidential data.
In total, Akira has claimed 105 confirmed ransomware attacks that compromised 796,000 record. Its average ransom is $825,000. The group claimed another 215 attacks in 2024 and 36 in 2025 that were not acknowledged by the targeted organizations (unconfirmed).
Akira’s other recently confirmed attacks include those on the Laramie County Library System and Furniture Mart USA.
Ransomware attacks on US utilities
Ransomware attacks on US utilities can interrupt services, billing, payroll, communications, and other computer-reliant systems. Utilities are forced to pay a ransom or face extended downtime and putting customers at increased risk of fraud.
Comparitech logged 13 confirmed ransomware attacks against US utilities in 2024, compromising 842,059 records.
Similar recent attacks include:
- Aiken Electric Cooperative was attacked by Qilin in September 2024, compromising 4,600 people
- OzarksGo was attacked by Play in October 2024
- Rumpke Consolidated Companies was attacked by Hunters International in July 2024, compromising 16,900 people
About Yazoo Valley Electric Power Association
Based in Yazoo City, Mississippi, Yazoo Valley Electric is a rural electric power association that serves six counties in Mississippi: Yazoo, Holmes, Warren, Issaquena, Sharkey, and Humphreys. According to its website, it has 9,398 residential customers, 977 commercial customers, and 54 employees.
