A breach notification by Energy Federation Incorporated to the New Hampshire Attorney General’s Office indicates that on July 12, they discovered two pieces of malware on their server that had been inserted on July 7 and July 10. The malware “was designed to allow a third part to remotely search and collect” information on the server, which included customers’ names, contact information, and credit card numbers and expiration dates. EFI notes that names were stored in a separate database from the credit card data and payment-related information was “purged on an hourly basis.”
Twenty New Hampshire residents were to be notified on July 30; the total number was not indicated.