Muscatine Power and Water, a utility company in eastern Iowa providing services to over 50,000 residents, recently confirmed a ransomware attack discovered on January 26, leading to the exposure of sensitive information from nearly 37,000 local residents. In breach notification letters sent out, the company revealed that the attackers accessed Social Security numbers and customer proprietary network information (CPNI) of affected individuals. Despite the breach, the company assured the public that no ransomware gang has claimed responsibility for the incident. Muscatine Power and Water has been actively working with cybersecurity forensic firms and state and federal authorities in an ongoing investigation into the incident. The company is also offering one year of credit monitoring services to victims.
The breach impacted various services provided by Muscatine Power and Water, including internet, TV, phone, water, and electric services. Although internet services were down for eight hours on the night of the attack, critical control systems at the power plant or in the field were reported to be unaffected. The breach notification emphasized that, as of now, there have been no reports of related identity theft resulting from the incident. Despite the lack of a ransomware gang taking credit, the utility company remains vigilant, keeping affected residents informed about the progress of the investigation.
