Iowa electric, water utility says info of nearly 37,000 leaked in January ransomware attack

A utility company controlling the water, electricity and internet for a town in eastern Iowa confirmed that a January ransomware attack led to the exposure of sensitive information from nearly all local residents.

Muscatine Power and Water — providing the Muscatine and Fruitland area with internet, TV, phone, water, and electric services for more than 50,000 people — has warned the public for weeks that it was dealing with a ransomware attack discovered on January 26.

In breach notification letters sent out last week, the company said 36,955 people had their Social Security numbers accessed by the hackers alongside telecommunications subscriber data called customer proprietary network information (CPNI).

“After the comprehensive forensic investigation into this incident concluded, we discovered that your name, Social Security Number and CPNI pertaining to telephone service (billed amount, telephone number, call details, including minutes of usage) may have been exposed in the attack. We have had no reports of related identity theft as a result of this incident,” the company said, noting that one year of credit monitoring services is being offered to victims.

No ransomware gang has taken credit for the incident. In the breach notification letters and in notices to customers in January, the company said the hackers were able to gain access to its corporate network environment.

In an update on February 12, the company said internet services on the night of the attack were down for eight hours and business systems were restored over several days.

“Additionally, at no time were critical controls systems at the power plant or in the field at risk,” the company explained.

“At this time, the forensic investigation has revealed that some current and former customer data, such as address, social security number, driver’s license, etc. may have been potentially exposed in this incident.”

The company told its board of trustees last week that it is still working with cybersecurity forensic firms along with state and federal authorities on its investigation into the incident.