The situation stems from a 2023 incident in which a CPS third-party vendor, CLEAResult, was part of a "vulnerability exploit." The utility said its own systems were not impacted and that the vendor had "taken steps to prevent future issues."
However, a hacker alleging to have information from the 2023 breach has been posting to a cyber criminal forum, prompting renewed concerns. It's also a reminder of the escalating threat to critical infrastructure from cyber attacks.
CLEAResult, an energy efficiency consulting firm, used a file sharing program called MOVEit that was compromised in May 2023. A report from Emisoft, a cybersecurity firm, estimated that more than 2,700 organizations were affected by the attack and that the records of nearly 96 million people were exposed.
Houston -based CenterPoint was also a victim. It told cybersecurity news site the Record it had no reason to believe its own network was compromised. CenterPoint told the Record it was still assessing the data that may have been exposed by the hacker making the recent forum posts.
CPS said the compromised data did not include any identifying information of its customers.
Utilities and health care providers are often targets of ransomware attacks, where hackers steal data to either sell on the dark web or extort money from institutions or businesses.
CPS is taking steps to increase its own security. Its in the midst of a technology overhaul that's to include infrastructure updates that will increase protection against the growing number of online security risks to the electric grid and utilities.
"We get thousands of attempts a day," CPS President and CEO Rudy Gaza said during a 2023 panel hosted by the United States Energy Association. "We've got really great cybersecurity experts that help protect us. We've got a great collaboration of government entities across our community that help protect one another."
In 2017, CPS Energy reported it withstands roughly 94,000 attempted cyber attacks a day as hackers in China, Russia and elsewhere scour its network for weaknesses to try to infiltrate its systems and disrupt power supplies in Texas. That number would be much higher today.
Cyber attacks against U.S. utilities surged 70% last year, according to data from Check Point Software's research arm.
So far, the attacks have not crippled any U.S. utility but industry experts say a coordinated attempt could be devastating, impacting essential services and causing financial losses.
There were 1,162 cyber attacks on average through August this year, compared to 689 in 2023, Check Point data showed.
Such statistics have caught the attention of state and local officials.
Gov. Greg Abbott made creation of a Texas Cyber Command to guard against cyber attacks an emergency item for the Legislature. The command is to be based in San Antonio but other details are scant.
In December, Councilwoman Marina Alderete Gavito said she wanted CPS and the the San Antonio Water Authority to give the city semi-annual reports on their efforts against cyber attacks.
In general, the councilwoman said she wanted to add an extra layer of scrutiny to the utilities' efforts because of the frequency of attacks.
When CPS sought council approval for a rate increase in late 2023, one of the reasons it cited was its need to replace its 20-year-old computer system in part to better guard against cyber attacks.
In April, CPS Energy selected Austin-based Oracle to lead the 10-year overhaul of the software system. During a recent board meeting, CPS trustees approved a $150 million budget increase for software project to cover IT support.
©2025 the San Antonio Express-News, Distributed by Tribune Content Agency, LLC.
