Hackers Hammer Texas Electric Cooperatives in Alleged Ransomware Breach

Cybercriminal group Qilin has claimed responsibility for ransomware attacks on two Texas electric cooperatives, San Bernard Electric Cooperative and Karnes Electric Cooperative. Paulina Okunytė of Cyber News writes that the alleged stolen data is posted on Qilin’s dark web leak site. 

San Bernard Electric Cooperative operates nearly 3,900 miles of distribution lines across eight counties. Karnes Electric manages about 5,000 miles across twelve counties.

Between them, the Texas electric cooperatives supply power to tens of thousands of households. They form part of the United States’ critical infrastructure, where cybersecurity failures could pose both operational and national security risks.

According to Cybernews, data samples linked to the cooperatives include first incident reports, insurance and budget documents, invoices, easement contracts, and member or director information containing personal and financial details.

Cybernews researchers cautioned that the authenticity of the leaked materials remains unverified, noting that ransomware actors sometimes recycle old data to feign new breaches.

If authentic, the exposure could threaten the companies’ reputations and reveal sensitive business or personal information.

The Qilin ransomware gang, believed to have Russian ties, has become one of the most active cybercriminal groups globally. Since early 2025, Qilin has claimed responsibility for over 500 attacks targeting sectors including telecommunications, automotive, healthcare, and manufacturing.

The group’s operations demonstrate a strategic escalation in scale and coordination, particularly following its recent collaboration with other major ransomware organizations such as LockBit and DragonForce.

Legal teams should note that, besides the cybersecurity threat these groups pose, the allegedly stolen internal documents from the cooperatives, which include details of company directors’ personal lives, can have in-house repercussions. 

The alleged breaches serve as a reminder that the ransomware ecosystem underscores the importance of robust breach response planning, contractual data security requirements, and effective coordination with regulators and law enforcement.