Data Breach at New England’s Largest Energy Provider
On March 16, New England’s largest energy provider, Eversource, discovered that one of its cloud data storage folders was misconfigured, allowing anyone to access the files rather than protecting them. The folder was created in August 2019 and stored information in an unencrypted format, making the data breach a prolonged incident. The company serves more than 3.6 million electric and natural gas customers across Connecticut, New Hampshire, and Massachusetts. Researchers launched an investigation into the breach, finding that the unsecured folder contained information belonging to customers residing in eastern Massachusetts.
Data exposed in the breach includes names, addresses, phone numbers, Social Security numbers, billing addresses, and Eversource account numbers. The folder was secured almost immediately after the company became aware of the issue. Eversource’s security team does not believe that the information was accessed, stolen, or misused by any threat actors or unauthorized third parties. Cybersecurity company CyberScout estimated that the data breach impacted roughly 11,000 customers.