Karnes Electric Data Breach Exposes PHI and PII Including SSNs and Medical Info

On Feb. 9, 2026, Karnes Electric Cooperative, Inc., a member-owned utility serving rural communities in South Texas, disclosed a data breach that has, so far, affected 598 Texans. The breach was the result of a ransomware attack by the Qilin group, a known cybercriminal organization.

On Oct. 14, 2025, Qilin claimed responsibility for infiltrating Karnes Electric’s systems and stealing approximately 337 GB of internal data. This haul reportedly contained sensitive financial documents as well as personal information belonging to both employees and customers.

The stolen data was later posted on the dark web, increasing the risk of identity theft and fraud for those affected.

According to the official report filed with the Texas Attorney General, the breach exposed a wide range of sensitive personal and financial information.

The compromised data included both PHI and PII, including names, addresses, Social Security numbers, driver’s license numbers, government-issued identification numbers such as passport and state ID card numbers, credit or debit card numbers, financial account numbers, medical information, and health insurance information.

Karnes Electric Cooperative notified impacted individuals by U.S. mail.

Karnes Electric Cooperative's response

Given the nature of the breach and the types of information exposed, affected individuals are strongly encouraged to take steps to protect themselves. This includes monitoring credit reports, placing fraud alerts or credit freezes with major credit bureaus, and watching for suspicious activity on financial accounts and health insurance statements.

Since Social Security numbers, financial account details and health information were involved, individuals should also be vigilant for potential phishing attempts or fraudulent communications.

While the company has not publicly detailed additional support resources, it is common in these situations for organizations to offer credit monitoring or identity theft protection services. Affected members should review the mailed notice carefully for information on any such services and instructions on how to enroll.