A Chicago construction and engineering firm that designs power grids is telling consumers it detected “unauthorized activity” that resulted in the theft of names and Social Security numbers.
According to a report by CNN, a memo distributed to members of an electricity sector information-sharing group says hackers used Black Basta ransomware on the firm Sargent & Lundy. The company did not return Information Security Media Group’s request for comment.
A law firm handling breach notification for Sargent & Lundy estimates the hackers stole personal data of more than 6,900 individuals.
“We took immediate action to contain the incident and began an investigation with the assistance of a cybersecurity firm,” the company tells consumers about the Oct. 15 incident. Sargent & Lundy has engineered 958 power plant units and more than 6,200 circuit miles of power delivery systems, the company website states.
CNN, citing two individuals familiar with the investigation, says defenders contained the Black Basta ransomware strain in a day.
Company spokeswoman Brenda Romero told CNN that the company informed law enforcement and is fully recovered from the incident, which does not appear to have a broader impact on other power-sector firms.
