New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E) today disclosed that they have suffered from a data breach, including unauthorized access to customer records which include customer names, Social Security numbers, dates of birth and, in some cases, financial institution account numbers.
The two companies, which are subsidiaries of Iberdrola USA, today began sending notifications to customers advising them of the breach.
NYSEG serves 878,000 electricity customers and 261,000 natural gas customers across more than 40% of upstate New York. RG&E serves 367,000 electricity customers and 303,000 natural gas customers in a nine-county region centered on the City of Rochester. According to a statement, the incident involved an employee at a consulting firm contracted by NYSEG and RG&E who allowed unauthorized access to one of the companies’ customer information systems.
NYSEG and RG&E are in contact law enforcement, and are working with computer forensics experts to further investigate the incident.
“There is no evidence that any customer data has actually been misused, or that there was any malicious intent,” the statement added. That being said, the companies are offering an a year of credit monitoring free of charge, to help identify possible fraudulent activity.

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- Watch Now: Threat Detection and Incident Response Virtual Summit
- Registration Now Open: 2023 ICS Cybersecurity Conference | Atlanta
- NetRise Adds $8 Million in Funding to Grow XIoT Security Platform
- Virtual Event Today: Zero Trust Strategies Summit
- Virtual Event Tomorrow: Zero Trust Strategies Summit
- Watch: How to Build Resilience Against Emerging Cyber Threats
- Video: How to Build Resilience Against Emerging Cyber Threats
- Webinar Today: Understanding Hidden Third-Party Identity Access Risks
Latest News
- Chrome 114 Released With 18 Security Fixes
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
- Breaking Enterprise Silos and Improving Protection
- Spyware Found in Google Play Apps With Over 420 Million Downloads
- Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability
- Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
- PyPI Enforcing 2FA for All Project Maintainers to Boost Security
- Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack
