A threat actor has claimed to have recently gained access to a third-party system, thereby acquiring sensitive information belonging to the State Grid Corporation of China (SGCC). SGCC is a state-owned electric utility corporation and the largest utility company in the world.
The alleged data breach includes several categories of information, such as corporate user accounts, user information, department details, and roles. The compromised data reportedly contains information on thousands of employees, including their eIDs, usernames, phone numbers, emails, employee numbers, and passwords.
The threat actor is offering this data for sale at $1000, with escrow services involved to facilitate the transaction. The data is available in SQL and XLSX formats.
For inquiries, the threat actor has provided contact details on Telegram.
The breach of such sensitive information from a major utility company like SGCC highlights the critical need for robust cybersecurity measures. As this situation develops, it will be important to monitor the potential implications for both the corporation and its employees.