Editor’s Note: An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.

Statement from Burlington Electric Department:

"Last night, U.S. utilities were alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to a Russian campaign linked to recent hacks," said Mike Kanarick, spokesman for Burlington Electric Department. "We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding. Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully."

CORRECTION: An initial version of the story stated Russia penetrated the U.S. Grid. Recchia of the Public Service Board and Kanarick of Burlington Electric Department said the grid was not compromised.

There was no “penetration of the U.S. electricity grid.” The truth was undramatic and banal. Burlington Electric, after receiving a Homeland Security notice sent to all U.S. utility companies about the malware code found in the DNC system, searched all their computers and found the code in a single laptop that was not connected to the electric grid.

Apparently, the Post did not even bother to contact the company before running its wildly sensationalistic claims, so they had to issue their own statement to the Burlington Free Press which debunked the Post’s central claim (emphasis in original): “We detected the malware in a single Burlington Electric Department laptop NOT connected to our organization’s grid systems.”

So the key scary claim of the Post story – that Russian hackers had penetrated the U.S. electric grid – was false. All the alarmist tough-guy statements issued by political officials who believed the Post’s claim were based on fiction.

Even worse, there is zero evidence that Russian hackers were responsible even for the implanting of this malware on this single laptop. The fact that malware is “Russian-made” does not mean that only Russians can use it; indeed, like a lot of malware, it can purchased (as Jeffrey Carr has pointed out in the DNC hacking context, assuming that Russian-made malware must have been used by Russians is as irrational as finding a Russian-made Kalishnikov AKM rifle at a crime scene and assuming the killer must be Russian).

As the actual truth emerged once the utility company issued its statement, the Post rushed to fix its embarrassment, beginning by dramatically changing its headline:

The Washington Post first reported the finding, suggesting that Russian hackers had gained access to the electrical grid via the Vermont utility, however the company's statement says there's no indication that happened. In a statement, it said the laptop in question was not connected to grid systems. Vermont Public Service Commissioner Christopher Recchia told the Burlington Free Press that the grid was not in danger.

Because it's not clear exactly what matched, there's a possibility that it could be the result of a false positive, or shared code. Also, it's not clear when or how the malware got on the laptop. Based on those reasons, a number of security professionals on Twitter suggested waiting for more details before crediting this finding to Grizzly Steppe (a name attributed to the Russian attacks in Wednesday's report).