Unsecured Cloud Storage Led to Data Breach at Eversource Energy
There Is No Evidence That Any of the Data Has Been Exploited by Unauthorized People, the Company Stated.
Eversource Energy, a publicly-traded, Fortune 500 energy organization has announced it fell victim to a data breach after clients’ sensitive data was disclosed on an unsecured cloud server.
The company is headquartered in Hartford, Connecticut, and Boston, Massachusetts, with several regulated subsidiaries offering retail electricity, natural gas service, and water service to more than 4 million clients in Connecticut, Massachusetts, and New Hampshire.
Eversource Energy clients are informed through a data breach announcement that the unsecured cloud storage system revealed their name, address, phone number, social security number, service address, and account number.
A free 1-year identity monitoring assistance through Cyberscout is being provided by the organization to the customers who suffered following the data breach.
In order to ho help the customers who were calling Cyberscout to find out more about the data breach, the company gave them an internal frequently asked questions documentation. The document is used by Cyberscout staff to answer clients’ questions about the data breach.
Following the document shared with BleepingComputer, the energy company conducted a security examination on March 16 and discovered a cloud data storage folder that was incorrectly configured so that anybody can obtain access to its contents. As soon as they detected the unsecured folder, they secured it and started investigating what data was saved on the folder.
It was discovered that this folder contained unencrypted files created in August 2019 that included the personal information of 11,000 Eversource eastern Massachusetts clients.
Even if the company declared there is no evidence that any of the data was exploited by unauthorized people, customers are urged to register for the free of charge identify theft monitoring provided by Eversource Energy.
This way they will receive notifications if and when their social security number is illegally used.
Affected clients should also pay attention to possible phishing emails posing to be from Eversource Energy, or other organizations, that use the exposed data to collect further information.
Heimdal™ Email Fraud Prevention
- Deep content scanning for attachments and links;
- Phishing, spear phishing and man-in-the-email attacks;
- Advanced spam filters to protect against sophisticated attacks;
- Fraud prevention system against Business Email Compromise;
Even if the Eversource Energy data breach was not as severe as others recently occurred, it is essential for their security posture to improve in order to avert other data leaks and cyberattacks in the future.