Lubbock Power & Light
Breach Analysis

• 2025-04-14

  IT disruption detected across billing and customer service systems
• 2025-04-15

  Customer portal taken offline; payment systems impacted
• 2025-04-28

  Systems progressively restored; forensic scope under determination
• 2025-05-30

  Customer notification process initiated

How they got in

Ransomware targeting billing and customer information systems. Utility IT/OT boundary was maintained. Initial vector under investigation.

Sentinel / Fortress / Command coverage

Sentinel ($89/ep/mo) — 24/7 SOC + SIEM. Fortress ($109/ep/mo) — Sentinel + EDR management + vulnerability management. Command ($129/ep/mo) — Fortress + vCISO + compliance mapping + IR plan. See full tier comparison →

Regulatory exposure

5-point hardening list

• 1
  IT/OT segmentation validation: billing and customer systems isolated from SCADA/OT; boundary tested annually
• 2
  Offline billing backup: WORM-compliant; restore tested monthly — no ransom payment required for recovery
• 3
  Ransomware-specific SIEM rules tuned for utility billing system behavioral patterns
• 4
  Customer portal hardening: WAF, bot detection, and rate limiting on public-facing utility web apps
• 5
  Utility IR playbook: coordinate with CISA, ERCOT, and PUCT on notification obligations for cyber events

• → Lubbock Power & Light
• → CISA Energy Sector Advisories
• → DataBreaches.net

CoreRecon cites verifiable public sources only. No speculation on unverified attribution is published. Threat actor attribution appears only where publicly confirmed by law enforcement or the organization.