The sensitive data of 3,000 residential customers of Indianapolis Power and Light were accidentally posted online for up to four years.

What kind of personal information? Names, addresses and Social Security numbers.

What happened? Some of information was posted online from 2003 until November 2007; other records were exposed for just a couple of weeks.

What was the response? The power company sent notification letters to affected customers and is offering them one year of free credit monitoring.

Details: A recent audit caught the security lapse., Channel 6 News, "Security lapse affects thousands of electric customers," Dec. 4.