Mack Energy Corporation, an oil and gas exploration company headquartered in Artesia, New Mexico, suffered a ransomware attack in July 2025 by the hacking group Cicada3301. The attackers claimed to have exfiltrated 3.1 terabytes of sensitive data, including personally identifiable information (PII) such as names and Social Security Numbers (SSNs) of at least 413 individuals in Texas, as disclosed to the Texas Attorney General in November 2025. The group threatened to publish the stolen data within 19–20 days and posted sample screenshots on their dark web portal on July 9, 2025.The breach exposed highly sensitive employee and customer data, posing severe risks of identity theft, financial fraud, and long-term reputational damage. Affected individuals were notified via U.S. Mail, with legal firms like Shamis & Gentile P.A. investigating potential class-action lawsuits for compensation due to the company’s failure to protect the data. The incident highlights critical vulnerabilities in Mack Energy’s cybersecurity infrastructure, with far-reaching consequences for both internal stakeholders and external customers.
Source: https://www.claimdepot.com/investigations/mack-energy-data-breach-2025
TPRM report: https://www.rankiteo.com/company/mack-energy-corporation
"id": "mac0203502110825",
"linkid": "mack-energy-corporation",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '413 (in Texas)',
'industry': 'oil and gas exploration',
'location': {'headquarters': 'Artesia, New Mexico, USA',
'operations': ['southeastern New Mexico',
'West Texas']},
'name': 'Mack Energy Corporation',
'size': '900+ employees',
'type': 'private company'}],
'customer_advisories': 'U.S. Mail notifications sent to affected individuals '
'in Texas',
'data_breach': {'data_encryption': 'likely (ransomware attack)',
'data_exfiltration': 'yes (3.1 TB claimed by attackers)',
'number_of_records_exposed': '413 (in Texas; total unknown)',
'personally_identifiable_information': ['names',
'Social Security '
'numbers'],
'sensitivity_of_data': 'high (includes Social Security '
'numbers)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)']},
'date_detected': '2025-07',
'date_publicly_disclosed': '2025-11-07',
'description': 'Mack Energy Corporation, an oil and gas exploration company, '
'suffered a ransomware attack in July 2025 by the group '
'Cicada3301. The attackers claimed to have exfiltrated 3.1 TB '
'of data, including personally identifiable information (PII) '
'such as names and Social Security numbers. The breach was '
'disclosed to the Texas Attorney General’s office in November '
'2025, affecting at least 413 individuals in Texas. The '
'company notified affected consumers via U.S. Mail.',
'impact': {'brand_reputation_impact': 'high (potential loss of trust due to '
'PII exposure and ransomware attack)',
'data_compromised': ['names', 'Social Security numbers'],
'identity_theft_risk': 'high (SSNs exposed)',
'legal_liabilities': 'potential (class action lawsuits and '
'regulatory scrutiny)'},
'initial_access_broker': {'data_sold_on_dark_web': 'potential (3.1 TB of data '
'threatened for '
'publication)'},
'investigation_status': 'ongoing (class action investigation by Shamis & '
'Gentile P.A.)',
'motivation': ['financial (ransom)', 'data theft', 'extortion'],
'ransomware': {'data_encryption': 'yes', 'data_exfiltration': 'yes (3.1 TB)'},
'recommendations': ['Monitor credit reports and financial accounts for '
'unusual activity.',
'Place a fraud alert or credit freeze with major credit '
'bureaus.',
'Keep records of suspicious activity or costs incurred '
'due to the breach.',
'Review legal options, including joining class action '
'lawsuits for compensation.'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
{'date_accessed': '2025-11-07',
'source': 'Texas Attorney General’s Office Disclosure'},
{'date_accessed': '2025-07-09',
'source': 'Cicada3301 Dark Web Portal (sample screenshots '
'posted)'}],
'regulatory_compliance': {'legal_actions': 'potential (class action lawsuits '
'initiated by Shamis & Gentile '
'P.A.)',
'regulatory_notifications': ['Texas Attorney '
'General’s office '
'(disclosed on '
'2025-11-07)']},
'response': {'communication_strategy': 'U.S. Mail notifications to affected '
'individuals',
'incident_response_plan_activated': 'likely (notification to '
'Texas AG and affected '
'individuals)',
'law_enforcement_notified': 'yes (Texas Attorney General’s '
'office)'},
'threat_actor': 'Cicada3301',
'title': 'Mack Energy Corporation Ransomware Attack and Data Breach (2025)',
'type': ['ransomware', 'data breach']}