Texas Electric Cooperatives this week notified 1,352 Texans of a June 2024 data breach that compromised names, Social Security numbers, and driver’s license numbers.
Ransomware group Play claimed responsibility for the attack on June 11, 2024, but TEC’s notice (PDF) states that the unauthorized party stole files two weeks later, between June 21 and 25, 2024.
“TEC detected unauthorized access to our network on June 25, 2024 as a result of a cybersecurity incident that resulted in the access and acquisition of some of the data we maintain,” the notice says. “Upon learning of this issue, we contained the threat by disabling all unauthorized access to our network, restored all data, and immediately commenced a prompt and thorough investigation. We also notified law enforcement.”
TEC has not verified Play’s claim. We do not yet know how much Play demanded in ransom or whether TEC paid it. TEC has not stated how attackers breached its network. In addition to the notices sent to Texans, a few residents of other states were also affected, such as one individual in New Hampshire.
Comparitech contacted Texas Electric Cooperatives for comment and will update this article if it responds.
TEC is offering victims free credit monitoring via CyberScout to help prevent and detect identity theft. Victims should monitor their financial accounts and credit reports for signs of fraud.
Who is Play Ransomware?
First observed in June 2022, Play Ransomware has a history of targeting large organizations in healthcare, finance, manufacturing, real estate, education, and more. It’s known for double-extortion attempts that force victims to pay twice: once to decrypt systems, and again in exchange for not selling or publicly releasing stolen data.
Play claimed responsibility for 21 confirmed ransomware attacks so far in 2024, according to our data. We’ve tracked 88 Play attacks in total, affecting 817,000 records. Play’s other victims include the KC Scout traffic management system and the New York Legislative Bill Drafting Commission.
We logged a further 175 unconfirmed ransomware attacks claimed by Play so far this year.
Ransomware attacks on US utilities
In addition to data theft, ransomware attacks on utilities can disrupt service to customers, customer support via email and phone, payroll, billing, and other operations.
Comparitech researchers so far in 2024 recorded seven confirmed ransomware attacks on US utilities, which is already equal to last year’s total number of such attacks. Nearly 800,000 records were compromised in attacks this year, which is more than double 2023’s total figure. The majority of those records came from an attack on Frontier Communications, which affected more than 750,000 records.
Play claimed an attack on one other utility: LS Networks, a telco in Portland, Oregon.
Another 17 ransomware attacks on US utilities in 2024 have yet to be confirmed.
About Texas Electric Cooperatives
Texas Electric Cooperatives is a statewide association that represents 26 electric cooperatives across the state. It employs more than 250 people. The company is responsible for lobbying, hosting conferences, training co-op employees, assisting with the electric utility supply chain, and publishing a monthly magazine.