Ransomware gang Qilin claims 222GB data theft from Canada’s Spark Power amid rising threats to North American energy infrastructure

18.11.2025 2 minutes Author: Newsman

The Qilin ransomware gang claims to have stolen 222GB of data from Spark Power, a Canadian electrical services provider. No evidence has been released, but the group has a history of attacking U.S. energy companies, raising concerns for critical infrastructure.

On November 15, the cybercriminal group Qilin listed Spark Power as a victim on its dark-web leak site, asserting that it exfiltrated 222GB of corporate data. Spark Power operates widely across Canada and the U.S., handling maintenance, emergency repairs, monitoring, and other essential electrical operations.

However, Qilin did not publish any data samples, leaving the alleged breach unverified. Cybernews analysts note that the stolen data could range from routine business files to sensitive operational, financial, or employee information.

Experts note that the data could include both “regular business documents” and potentially dangerous information, such as:

  • operational documents;

  • internal procedures;

  • financial files;

  • personal data of employees;

  • information that could affect the efficiency of repair and emergency work.

Spark Power has not confirmed the incident, and the company has not yet responded to requests for comment.

Qilin is among the most active ransomware groups worldwide. According to Cybernews’ Ransomlooker, the gang has listed approximately 995 victims since 2023.

In October, Qilin attacked two Texas electrical cooperatives—San Bernard Electric Cooperative and Karnes Electric Cooperative—stealing internal documents, employee data, and financial reports. The gang is believed to have Russian ties and recently formed an alliance with LockBit and DragonForce, which experts say could boost its attack capabilities.

Qilin is also behind major incidents involving:

  • SK Telecom (1TB of data stolen)

  • Asahi Holdings (massive production disruptions in Japan)

  • Nissan Creative Box (4TB of design data stolen)

  • Synnovis Laboratories (over 10,000 medical appointments canceled)

  • California Golf Club of San Francisco (10GB of member data stolen)

Although Qilin has offered no proof of the Spark Power breach, its growing activity and history of targeting critical infrastructure make the threat significant. Even unconfirmed leak-site listings are often used to pressure companies during extortion attempts. North American energy providers must strengthen cybersecurity measures as ransomware groups continue escalating attacks.
