Tennessee Valley Electric Cooperative and Spark Power: Qilin purports breach of US electric cooperative

Qilin Ransomware Gang Claims Breach of Tennessee Valley Electric Cooperative

The Qilin ransomware operation has allegedly breached the systems of Tennessee Valley Electric Cooperative (TVEC), which serves Wayne and Hardin Counties in West Tennessee, according to a report by Cybernews. While Qilin listed the attack on its dark web blog, it did not provide proof of stolen data, leaving the extent of the compromise unclear.

TVEC, a subsidiary of the federally owned Tennessee Valley Authority (TVA), has not publicly confirmed the incident. However, based on past Qilin attacks, potential targets may include employee records, customer data, or internal documents.

The ransomware group has a history of targeting U.S. electric cooperatives, including Karnes Electric Cooperative (23,000 households) and San Bernard Electric Cooperative (28,000 households) in 2025. Additionally, Qilin claimed to have exfiltrated 222 GB of data from Spark Power, a Canada-based electrical services provider with U.S. operations.

The incident underscores ongoing cybersecurity risks to critical infrastructure, particularly within the energy sector. No further details on the breach’s impact or TVEC’s response have been disclosed.

Source: https://www.scworld.com/brief/qilin-purports-breach-of-us-electric-cooperative

Tennessee Valley Electric Cooperative cybersecurity rating report: https://www.rankiteo.com/company/tennessee-valley-electric-cooperative

Spark Power ⚡ cybersecurity rating report: https://www.rankiteo.com/company/sparkpower

"id": "TENSPA1773109868",
"linkid": "tennessee-valley-electric-cooperative, sparkpower",
"type": "Ransomware",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'Energy',
                        'location': 'Wayne and Hardin Counties, West '
                                    'Tennessee, USA',
                        'name': 'Tennessee Valley Electric Cooperative (TVEC)',
                        'type': 'Electric Cooperative'}],
 'data_breach': {'type_of_data_compromised': ['employee records',
                                              'customer data',
                                              'internal documents']},
 'description': 'The Qilin ransomware operation has allegedly breached the '
                'systems of Tennessee Valley Electric Cooperative (TVEC), '
                'which serves Wayne and Hardin Counties in West Tennessee. '
                'While Qilin listed the attack on its dark web blog, it did '
                'not provide proof of stolen data, leaving the extent of the '
                'compromise unclear. TVEC, a subsidiary of the federally owned '
                'Tennessee Valley Authority (TVA), has not publicly confirmed '
                'the incident. However, based on past Qilin attacks, potential '
                'targets may include employee records, customer data, or '
                'internal documents.',
 'ransomware': {'ransomware_strain': 'Qilin'},
 'references': [{'source': 'Cybernews'}],
 'threat_actor': 'Qilin ransomware gang',
 'title': 'Qilin Ransomware Gang Claims Breach of Tennessee Valley Electric '
          'Cooperative',
 'type': 'Ransomware'}