New England’s largest energy provider, Eversource experienced a data breach after sensitive details of customers were exposed on an unsecured cloud server. Eversource Energy is New England’s latest energy provider, supplying 4.3 million electric and natural gas customers across Connecticut, Massachusetts, and New Hampshire.
According to a data breach notice shared with BleepingComputer, Eversource Energy is warning customers that their name, address, phone number, social security number, service address, and account number were exposed due to an unsecured cloud storage server. Eversource is also providing a free one-year identity monitoring service via Cyberscout to those who have been affected by the data breach.
Eversource claims that there is no evidence that any of this information was obtained or misused by unauthorized individuals at this time. Although this is possible, BleepingComputer suggests that users sign up for Eversource’s free identity theft monitoring to be which notify the users if their social security number is used fraudulently.
When the Eversource customer called Cyberscout to learn more about the data breach after receiving the breach notice. They were eventually sent an internal frequently asked questions (FAQ) guide, which Cyberscout employees used to respond to questions about the breach.
According to the FAQ shared with BleepingComputer, Eversource conducted a security review on March 16th and discovered an “internet data storage folder” that was misconfigured, allowing anyone to access its contents. They immediately protected the unsecured folder after discovering it and started investigating what data was stored on it.
The unsecured folder comprised of unencrypted files containing the personal details of 11,000 Eversource eastern Massachusetts customers which were created in August 2019.
Affected users should also be on the lookout for phishing emails posing as Eversource or other companies and harvesting additional details using the exposed data.
Affected users should also be on the lookout for phishing emails posing as Eversource or other companies and harvesting additional details using the exposed data.
Several utility firms, including EDP Renewables North America, Centrais Eletricas Brasileiras (Eletrobras), Companhia Paranaense de Energia (Copel), and the Enel Group, have been attacked by ransomware attacks and network breaches in the last two years.
Threat perpetrators recently breached a water treatment plant in Oldsmar, Florida, and attempted to raise the sodium hydroxide (NaOH) cleanser concentration to dangerous levels.
Threat perpetrators recently breached a water treatment plant in Oldsmar, Florida, and attempted to raise the sodium hydroxide (NaOH) cleanser concentration to dangerous levels.
These breaches, as well as EverSource’s less destructive breach, highlight the need for utilities to improve their security posture in order to avoid potential leaks and attacks.
