Karnes Electric Cooperative Hit by Qilin Ransomware Attack, Exposing Sensitive Data
Karnes Electric Cooperative, a not-for-profit electric utility serving 12 counties in South Texas and the Coastal Bend, suffered a ransomware attack in October 2025. The Qilin ransomware group claimed responsibility on October 14, 2025, alleging they exfiltrated 337 GB of internal data, including financial documents and personal information of employees and customers. The stolen data was later posted on the dark web via the TOR network.
The breach was officially reported to the Texas Attorney General’s office on February 9, 2026, with Karnes Electric notifying affected individuals by mail. While 598 Texas residents were confirmed impacted, the total number of affected individuals remains undisclosed.
Exposed data includes:
- Names, addresses, and Social Security numbers
- Driver’s license and government-issued ID numbers
- Medical and health insurance information
- Financial details, including account and payment card numbers
The law firm Shamis & Gentile P.A. is investigating potential class action claims for those affected, citing risks of identity theft and financial harm. The incident highlights the growing threat of ransomware targeting critical infrastructure providers.
Source: https://www.claimdepot.com/investigations/karnes-electric-cooperative-data-breach-2026
Karnes Electric Cooperative Inc cybersecurity rating report: https://www.rankiteo.com/company/karnes-electric-cooperative-inc
"id": "KAR1770674999",
"linkid": "karnes-electric-cooperative-inc",
"type": "Ransomware",
"date": "10/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '598 Texas residents (total '
'undisclosed)',
'industry': 'Utilities',
'location': 'South Texas and the Coastal Bend, USA',
'name': 'Karnes Electric Cooperative',
'type': 'Not-for-profit electric utility'}],
'customer_advisories': 'Notification to affected individuals by mail',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Addresses',
'Social Security numbers',
'Driver’s license numbers',
'Government-issued ID numbers',
'Medical and health insurance '
'information',
'Financial details (account and '
'payment card numbers)']},
'date_detected': '2025-10',
'date_publicly_disclosed': '2025-10-14',
'description': 'Karnes Electric Cooperative, a not-for-profit electric '
'utility serving 12 counties in South Texas and the Coastal '
'Bend, suffered a ransomware attack in October 2025. The Qilin '
'ransomware group claimed responsibility, alleging they '
'exfiltrated 337 GB of internal data, including financial '
'documents and personal information of employees and '
'customers. The stolen data was later posted on the dark web '
'via the TOR network.',
'impact': {'data_compromised': '337 GB of internal data',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential class action claims',
'payment_information_risk': 'High'},
'initial_access_broker': {'data_sold_on_dark_web': 'Posted on TOR network'},
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Qilin'},
'references': [{'source': 'Texas Attorney General’s office'}],
'regulatory_compliance': {'legal_actions': 'Potential class action '
'investigation by Shamis & Gentile '
'P.A.',
'regulatory_notifications': 'Reported to Texas '
'Attorney General’s '
'office on February 9, '
'2026'},
'response': {'communication_strategy': 'Notification to affected individuals '
'by mail'},
'threat_actor': 'Qilin ransomware group',
'title': 'Karnes Electric Cooperative Hit by Qilin Ransomware Attack',
'type': 'Ransomware'}