Unauthorized individuals gained access to the personal data belonging to customers of New York State Electric & Gas (NYSEG) and Rochester Gas & Electric (RG&E), which are owned by Iberdrola USA. But an outside contractor is to blame.
How many customers? The companies did not disclose how many people were affected, but reports said the two utilities have about 1.8 million customers between them.
What type of personal information? Social Security numbers, birth dates and, in some cases, bank account numbers.
What happened? For unknown reasons, an employee at a third-party software development consulting firm permitted unauthorized access to one of the company's customer information systems.
Details: There is thus no far no reason to believe that any of the information has been misused or that there was malicious intent on behalf of the employee.
Quote: “Public utilities are custodians of a great deal of personal customer information,” New York State Public Service Commission Chairman Garry Brown said. “As a result of this apparent data security breach, I have asked staff of the Department of Public Service to immediately initiate an investigation of the facts and circumstances surrounding this event.”