AmeriGas is the largest US propane company, serving over 2 million customers locally in all 50 states from over 2,500 distribution locations. Recently, the company has disclosed a data breach that lasted briefly but managed to impact 123 employees.

The breach was reported to the Office of the New Hampshire Attorney General.

What Happened?

According to a sample data breach notification letter from June 4th, 2021, AmeriGas revealed that

On May 21, 2021, J. J. Keller & Associates, Inc. (“J. J. Keller”) notified AmeriGas of an incident that occurred on May 10th. J. J. Keller is a vendor used to assist AmeriGas with management of its employee-drivers’ DOT compliance, such as driving record review and drug and alcohol screening, which is required under federal DOT regulations.


According to BleepingComputer, J. J. Keller began investigating their network to discover that an employee had fallen victim to a phishing email, which resulted in the compromise of their account. During the 8-second access window, the hackers could view certain files within the employee’s compromised account.

After the breach was discovered, the employee’s account credentials were reset, and J. J. Keller began their forensic activities to find out the full scope of the attack.

After being alerted to the suspicious logon by its third-party managed security service provider, J.J. Keller changed the user’s password and multifactor authentication credentials. They also engaged legal counsel and cyber forensics experts to investigate and contain the issue. J.J. Keller also reviewed the files to determine the nature and scope of the information they contained. It determined that information relating to certain AmeriGas employees were located on these files.


By May 21st, the vendor informed AmeriGas that this 8-second breach exposed records of 123 AmeriGas employees present in the files viewable to the threat actor(s).

This is AmeriGas’ Second Security Incident This Year

Regrettably, this is not the first data breach incident for AmeriGas.

Back in March, the company revealed an attempted security breach, in which a company customer service agent was fired for potentially misusing customer credit card information.

We recently detected that there were unauthorized disclosures of credit card information to one of our customer service agents. We do not know whether your credit card information was shared but are writing in an abundance of caution. We investigated the issue as a precaution to further secure your information. The agent involved has been terminated and we have already implemented additional safeguards.


Since ransomware attacks and data breaches against critical energy companies are constantly growing, the need for increased security controls and security awareness training across organizations should be a top priority for businesses worldwide.

Think about your company’s cybersecurity from a holistic point of view and apply a “defense in depth strategy”, that should absolutely include patch management, email security, and ransomware encryption protection.

If you’re interested, you can find solutions that deal with all these aspects in the Heimdal™ Security offer.

Colonial Pipeline Hit with A Cyberattack Involving Ransomware [Updated]

51% of Organizations Have Suffered Data Breaches Caused by Third-Party Remote Access

Between November 2020 and February 2021, Vermont Health Connect Has Suffered 10 Data Breaches

Leave a Reply

Your email address will not be published. Required fields are marked *