Cyberattack Cost Michigan Utility $2M, 14 Employees

A utility company in Lansing, Mich., is still transitioning back to stability after a cyberattack temporarily disabled the company’s internal network and required it to pay a $25,000 ransom.

Dick Peffley, general manager for the Board of Water & Light, confirmed this week that 13 information technology employees as well as the emergency management director left after an April 2016 cyberattack that officials said didn’t compromise any customer or employee data.

Records obtained by the Lansing State Journal show the cyberattack cost the utility about $2 million.

Todd Bertolozzi, one of the IT employees who left the company, said utility ratepayers should be concerned about BWL’s security because of the staffing losses.

“Every time you lose somebody, especially in IT, there’s a little bit of chaos for three to six months — at least,” Bertolozzi said. “When 14 people resign from any department, something is going on that’s not normal.”

Peffley said none of the employees who left were asked to resign, nor did they receive severance packages.

“This is out of a group of over 50 employees,” Peffley said of the 14 departures. “We are routinely monitoring workloads, as we do in every department here at the BWL, and if we need to bring in contract labor, we do. We have no issue keeping up with our demand.”

Utility officials said the cyberattack shut down its accounting and email systems after an employee unsuspectingly clicked on an email with an infected attachment. The attack required BWL to shut down phone lines, including a customer service line often used for account inquiries.

“While the number of cyberattacks globally has recently grown, no one can make a guarantee we won’t be attacked again,” Peffley said. “However, the BWL has devoted resources to security, restoration and resilience measures to minimize the odds of an attack, and to help us recover after in the event we are hit.”

Topics Cyber Michigan