Cyber Incident Victim: Delta-Montrose Electric Association
Date:
Nov 2021
Location:
United States of America
Summary
A Colorado energy cooperative suffered a cyberattack that corrupted 25 years of data, including documents, spreadsheets, and forms, while disrupting internal networks, payment processing, billing platforms, phone services, and email systems for weeks. Although the power grid and fiber network remained unaffected, the attack caused extensive operational damage, forcing the organization to implement temporary payment arrangements, suspend penalties and disconnections, and undertake a phased restoration of services. The cooperative engaged cybersecurity experts for investigation and recovery but confirmed no breach of sensitive customer or employee data despite significant data loss and prolonged system rebuilding efforts impacting billing cycles and member services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 7, 2021, Delta-Montrose Electric Association (DMEA), a Colorado energy cooperative, detected anomalies that escalated into a cyberattack disrupting most internal network services. The incident corrupted critical operational documents, spreadsheets, and forms across its support systems, payment processing tools, billing platforms, and customer-facing applications. While DMEA avoided explicitly labeling the event as ransomware, the deliberate corruption of stored data and prolonged network compromise aligned with such attacks. Internal phone and email systems remained nonfunctional for weeks, though the power grid and fiber optic infrastructure were unaffected. The cooperative engaged cybersecurity experts to investigate the breach, which specifically targeted segments of its internal network. Recovery efforts faced significant hurdles, forcing DMEA to operate with limited functionality nearly a month post-incident while prioritizing a phased restoration strategy.
The attack’s operational impacts necessitated temporary payment arrangements and the suspension of late fees and service disconnections through January 31, 2022. Billing and payment processing capabilities were projected to resume the week of December 6–10, 2021, resulting in anticipated back-to-back bills for customers during winter and holiday periods. CEO Alyssa Clemsen Roberts confirmed extensive damage to saved data, including historical records spanning 25 years, but asserted no compromise of sensitive customer or employee information. External analysts noted the absence of confirmed ransom demands as unusual, highlighting the financial burden on the member-owned cooperative from response and recovery costs. DMEA maintained focus on restoring services systematically, emphasizing operational safety and economic efficiency throughout the reconstruction of its network infrastructure.