Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

New York State Electric & Gas and Rochester Gas and Electric Suffer Data Breach

New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E) today disclosed that they have suffered from a data breach, including unauthorized access to customer records which include customer names, Social Security numbers, dates of birth and, in some cases, financial institution account numbers.

New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E) today disclosed that they have suffered from a data breach, including unauthorized access to customer records which include customer names, Social Security numbers, dates of birth and, in some cases, financial institution account numbers.

The two companies, which are subsidiaries of Iberdrola USA, today began sending notifications to customers advising them of the breach.

NYSEG serves 878,000 electricity customers and 261,000 natural gas customers across more than 40% of upstate New York. RG&E serves 367,000 electricity customers and 303,000 natural gas customers in a nine-county region centered on the City of Rochester. According to a statement, the incident involved an employee at a consulting firm contracted by NYSEG and RG&E who allowed unauthorized access to one of the companies’ customer information systems.

NYSEG and RG&E are in contact law enforcement, and are working with computer forensics experts to further investigate the incident.

“There is no evidence that any customer data has actually been misused, or that there was any malicious intent,” the statement added. That being said, the companies are offering an a year of credit monitoring free of charge, to help identify possible fraudulent activity.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Artificial Intelligence

Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring...