(Update: March 5, 2024) Incident Awareness – Large Municipal Electric and Water Utility Experiences Ransomware Incident

Muscatine Power and Water (MPW) sent out breach notification letters last week informing impacted customers that their personal information may have been stolen in the cybersecurity incident on January 26. MPW stated that attackers were able to access names, social security numbers, driver’s licenses, and telephone service data (telephone number, minutes of usage, billed amount etc.) for 36,955 people. This represents a majority of MPW’s customers as they provide service for 50,000 residents in the Muscatine and Fruitland, Iowa area. The company reported it has not received reports to related identity theft, and that one year of credit monitoring service is being offered to victims. No ransomware gang has publicly taken credit for the incident. For more information, access MPW or The Record.

February 1, 2024
Muscatine Power and Water (MPW), the largest municipal electric utility in Iowa, suffered a cyber attack which the utility announced Monday. The incident was confirmed to be ransomware and was reportedly limited to its corporate network environment. According to MPW, the attack “resulted in Internet services for MPW customers going offline Friday evening” and did not impact the electrical or water systems. It is still unclear if any customer data has been stolen. The attack was first noticed by MPW on Friday evening. Internet services were restored early Saturday. For more information, access MPW, Quad-City Times or WQAD8.