Ikeja Electric suffers data breach, targeted in ransomware attack 

ByteToBreach, a notorious group of hackers connected to the massive data breaches of Sterling Bank, the CRC Credit Bureau, the Corporate Affairs Commission (CAC), and Remita, has disclosed that it gained access to the database of Ikeja Electric Distribution Company, revealing the use of ransomware on dozens of systems and stealing of confidential customer and employee information.

The claim was published on DarkForum, an English-language dark web platform known for the exchange of stolen databases, hacking tools, and malware. 

The group disclosed gaining access to Ikeja Electric’s internal programmes, corrupting virtualised infrastructure, stealing employee passwords, extracting data from business systems, including metering platforms, and mapping elements of the organisation’s internal directory structure.

A spokesperson for Ikeja Electric Distribution Company, Kingsley Okotie, told Economy Post that he was unaware of the hack. He stated in a WhatsApp chat that he would revert with the company’s actual position – if need be.

READ ALSO: Electricity, DSTV, data, petrol costs: Life is getting harder under Tinubu’s administration

As of the time of filing this report, neither an independent confirmation of the purported breach nor verifiable evidence of a system-wide interruption impacting customers has been provided by Ikeja Electric. Additionally, no official statement regarding the occurrence has been released by the Nigerian government or sector regulators.

ByteToBreach alleged deep access.

ByteToBreach describes a multi-stage infiltration in its statement, beginning with internal server access and advancing to a larger network breach. The group claims it has accessed virtual machine environments used for internal operations and infected dozens of PCs with ransomware.

It also claims to have extracted internal software and database resources, while acquiring and cracking password data associated with employee accounts. If accurate, these claims would mean that critical identity infrastructure and perimeter systems have been compromised.

ByteToBreach’s published text also claimed the alleged interruption of several utility management and metering platforms used by Ikeja Electric, including systems connected to suppliers like Siemens and other metering technology suppliers.

There has not been any outage or service interruption that has been formally connected to a cyberattack in Nigeria so far. The hacker’s claims draw attention to a major issue facing the industry: the growing digitisation of energy distribution infrastructure and its vulnerability to cyberattacks.

Due to their reliance on interconnected billing, metering, and customer management systems, utility firms around the world have recently become common targets of ransomware operations.