Yazoo Valley Electric Power Association reports data breach exposing 20k residents

Yazoo Valley Electric Power Association, a Mississippi-based electric utility, is reporting a cybersecurity incident that affected their payment processing systems and led to a data breach. The incident was first detected on August 26, 2024, when the utility reported "software problems" through social media that prevented them from processing payments. The system was restored by August 30, 2024.

The breach affected 20,997 individuals across the utility's service area, which covers six Mississippi counties: Yazoo, Holmes, Warren, Issaquena, Sharkey, and Humphreys. The utility serves more than 9,300 homes and nearly 1,000 businesses in the region.

While the utility did not officially confirm the attack type, the Akira ransomware gang claimed responsibility for the incident in November 2024.

The exposed sensitive information reportedly includes:

• Names
• Social Security numbers (according to Akira's claims)
• Company financial records (according to Akira's claims)

The utility is has sent breach notification letters to regulators and individuals and is offering affected individuals one year of complimentary identity protection services.