PAL A.I CyberSecurity Scoring
PAL
Company Information
Website:http://www.pickettusa.com
Employees number:135
Number of followers:5,571
NAICS:237
Industry Type:Civil Engineering
Homepage:pickettusa.com
PAL Risk Score (AI oriented)
Between 650 and 699
PALCivil Engineering
Updated:
09/03/2026
09/03/2026
688/1000
Weak
B
PAL Global Score (TPRM)
xxxx
PALCivil Engineering
Score locked

PALWeak
Current Score
688B (WEAK)
01000
1 incidents
-70 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
693
JUNE 2026
692
MAY 2026
690
APRIL 2026
690
MARCH 2026
689
FEBRUARY 2026
687
JANUARY 2026
755
Breach
01 Jan 2026 • PAL
Enerparc AG and Pickett and Associates: Hackers claim breach of engineering firm, offer sale of info on three major US utilities
Hackers steal 800+ sensitive engineering files from Pickett and Associates tied to major U.S. utilities
685
CRITICAL-70
ENEPIC1767646937
Cybercriminals Claim Theft of 800+ Sensitive Engineering Files from U.S. Utilities Firm
Hackers have allegedly stolen over 800 sensitive engineering files from Pickett and Associates, a Florida-based civil engineering and geospatial services firm, and are offering the data for sale on a dark web forum for 6.5 bitcoin (≈$600,000). The compromised files include LiDAR point clouds, orthophotos, transmission corridor maps, design files, and vegetation feature data, reportedly tied to major U.S. utilities.
Among the affected clients are Tampa Electric Company, Duke Energy Florida, and American Electric Power, though the full list remains undisclosed. The stolen data—used for infrastructure analysis and risk assessment—includes raw LiDAR files (.las), high-resolution orthophotos (.ecw), MicroStation design files, and detailed transmission line corridor mappings covering bare earth, vegetation, conductors, and substations.
Duke Energy confirmed it is investigating the claims, stating its cybersecurity team is taking "necessary actions" to assess the incident. The same threat actor is also selling an internal database from Germany’s Enerparc AG, suggesting a broader focus on critical infrastructure targets.
Pickett and Associates has not commented on the breach. The incident underscores growing cyber threats to energy sector supply chains and operational security.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2025
755
NOVEMBER 2025
755
OCTOBER 2025
755
SEPTEMBER 2025
755
AUGUST 2025
755
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for PAL ??
What was PAL's A.I Rankiteo Cyber Score in June 2026 ??
What was PAL's A.I Rankiteo Cyber Score in May 2026 ??
What was PAL's A.I Rankiteo Cyber Score in April 2026 ??
What was PAL's A.I Rankiteo Cyber Score in March 2026 ??
What was PAL's A.I Rankiteo Cyber Score in February 2026 ??
What was PAL's A.I Rankiteo Cyber Score in January 2026 ??
What was PAL's A.I Rankiteo Cyber Score in December 2025 ??
What was PAL's A.I Rankiteo Cyber Score in November 2025 ??
What was PAL's A.I Rankiteo Cyber Score in October 2025 ??
What was PAL's A.I Rankiteo Cyber Score in September 2025 ??
What was PAL's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on PAL's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with PAL ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view PAL's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?