Cyber Incident Victim: British Virgin Islands Electricity Corporation

On August 19, 2024, the British Virgin Islands Electricity Corporation (BVIEC) publicly disclosed it had fallen victim to a cyberattack impacting both internal and external operational systems. The corporation did not specify the attack vector, duration, or threat actor involved but confirmed the incident disrupted normal business functions. BVIEC initiated a coordinated response with cybersecurity experts and law enforcement agencies in the British Virgin Islands and the United Kingdom to investigate the breach and restore systems. No evidence of customer data compromise was explicitly confirmed or denied in the announcement. The disclosure occurred while BVIEC crews were actively restoring power across the territory following Tropical Storm Ernesto, creating concurrent operational challenges.

The cyberattack compounded existing service disruptions caused by the storm, which had required prioritization of main feeder line repairs before addressing individual residential outages. BVIEC’s restoration efforts at the time of the announcement focused on the Great Mountain and Josiah’s Bay areas, with Virgin Gorda having achieved full power recovery post-storm. Public statements urged patience from residents still without electricity, citing unforeseen technical obstacles. Customer comments expressed concerns about payment system reliability and potential billing inaccuracies during the cyber incident, though BVIEC did not detail alternative payment protocols. The corporation maintained its primary focus on resolving both the cyberattack’s technical impacts and storm-related infrastructure repairs without providing specific timelines for full resolution. Operational transparency remained limited to generalized assurances about restoration progress and investigative collaboration.