The companies – New York State Electric & Gas and Rochester Gas and Electric, both subsidiaries of Iberdrola USA – sent letters this week to customers warning them of a possible data breach involving an employee at a third-party contractor who allowed unauthorized access to customer information systems. Both companies have a combined 1.8 million electricity and natural gas customers in New York.
The companies stressed in a news release that they have no evidence that the data were misused or that there was malicious intent on the part of the employee. They have informed law enforcement, hired computer forensics experts to investigate the incident, and are offering credit monitoring services to customers.
The New York Public Service Commission said it was investigating the possible data breach at the power companies. “Public utilities are custodians of a great deal of personal customer information. As a result of this apparent data security breach, I have asked staff of the Department of Public Service to immediately initiate an investigation of the facts and circumstances surrounding this event”, said Commission Chairman Garry Brown.
The investigation will focus on the adequacy of the company’s plan to identify, communicate with, and assist any affected utility customers, as well as the root causes of the security breach and the measures in place to protect against such a breach, Brown explained.