Officials at New York State Electrics and Gas as well as Rochester Gas and Electric recently announced that customer information may have been exposed by an accidental data breach. The incident potentially allowed unauthorized individuals to access personal data, according to a statement by the Iberdola USA subsidiaries.
The event involved an employee at an independent software development consulting firm who granted access of customer information systems to unauthorized people. The services contained sensitive data like Social Security numbers, dates of birth and sometimes financial account numbers. While the organizations believe no information was used maliciously, law enforcement and computer forensic organizations have been contacted and are conducting a full investigation.
"We take our responsibility to protect customer information very seriously and we have robust information technology security measures in place," said NYSEG and RG&E president Mark Lynch. "The matter was reported to law enforcement authorities, and as a precautionary measure, we are offering NYSEG and RG&E customers the option of a credit monitoring service at no charge."
According to the DataLoss Database, roughly one-third of all data breaches are caused by insiders. While not all of these incidents are malicious, it suggests that businesses must take a stronger stand on who has access to sensitive information.
