Eversource reported a data breach due to an unsecured cloud server that exposed customers' personal information. 

Eversource Energy Customer Data Exposed Due To Cloud Misconfiguration

Eversource reported a data breach due to an unsecured cloud server that exposed customers’ personal information. 

Eversource Energy is the largest US energy supplier in New England states of the USA that powers 4.3 million electric and natural gas customers in Massachusetts, Connecticut, and New Hampshire.

Eversource Energy said the unsecured cloud storage server exposed customers’ names, addresses, phone numbers, social security numbers, service addresses, and account numbers.

Eversource is offering a free 1-year identity monitoring service through Cyberscout for all affected by the breach.

After receiving the data breach notification, an Eversource customer called Cyberscout to learn more about the breach. Ultimately, they were sent an internal frequently asked questions document used by Cyberscout employees to answer inquiries about the breach.

According to the document published by the company, Eversource found a “cloud data storage folder” that was misconfigured when performing a security review on March 16th. The misconfiguration allowed anyone to access the contents of the folder. The company immediately secured the folder and began investigating the possible breach.

Eversource found out this folder contained unencrypted files since August 2019 that contained the personal information of 11,000 Eversource eastern Massachusetts customers.

Eversource believes there is no indication that any of this data had been stolen or misused by any unauthorized parties. Still, Eversource users are encouraged to sign up for the free identity theft monitoring that will alert them when their social security number is fraudulently used.

Impacted users should also be on a high alert for possible phishing emails that will try to use exposed data to steal further information from victims.

Recently, ransomware attacks have lead to a number of network breaches at utility companies, including EDP Renewables North America, Centrais Eletricas Brasileiras (Eletrobras) Enel Group, Companhia Paranaense de Energia (Copel), and a water treatment system in Oldsmar, Florida.

These breaches show an increasing trend and the need for utilities to boost their security in order to prevent such attacks in the future.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.