From NYSEG:
New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E), subsidiaries of Iberdrola USA, today began sending precautionary notifications to customers advising them of unauthorized access to customer data. This situation involves an employee at an independent software development consulting firm (contracted by NYSEG and RG&E) who allowed unauthorized access to one of the companies’ customer information systems. The customer records contain Social Security numbers, dates of birth and, in some cases, financial institution account numbers.
There is no evidence that any customer data has actually been misused, or that there was any malicious intent. NYSEG and RG&E have consulted with law enforcement and engaged computer forensics experts. The companies’ investigation is ongoing and the companies will continue to provide law enforcement with their full assistance.
“We take our responsibility to protect customer information very seriously and we have robust information technology security measures in place,” said Mark S. Lynch, president of NYSEG and RG&E. “The matter was reported to law enforcement authorities, and as a precautionary measure, we are offering NYSEG and RG&E customers the option of a credit monitoring service at no charge.”
A help line has been established to assist NYSEG and RG&E customers. The help line numbers are 1.877.736.4495 (toll-free) and 1.479.573.7373 (for international callers). The help line will be staffed from 9 a.m. to 9 p.m. (Eastern Time), Monday through Friday, and 11 a.m. to 8 p.m. on Saturday and Sunday.
NYSEG and RG&E have arranged for Experian to offer customers the option of a year of credit monitoring free of charge, to help identify possible fraudulent activity.
Additional information about this matter is available on the companies’ websites at www.nyseg.com and www.rge.com.
###About NYSEG and RG&E: NYSEG and RG&E are subsidiaries of Iberdrola USA. NYSEG serves 878,000 electricity customers and 261,000 natural gas customers across more than 40% of upstate New York. RG&E serves 367,000 electricity customers and 303,000 natural gas customers in a nine-county region centered on the City of Rochester. Iberdrola USA, a subsidiary of global energy leader Iberdrola, S.A., is an energy services and delivery company with more than 2.4 million customers in upstate New York and New England. We are a team of dedicated individuals working as one to deliver value to our customers, employees and shareholders. By providing outstanding customer service and exceptional reliability, while holding safety and the environment in high regard, we aspire to be a world-class energy company. For more information, visit www.nyseg.com, www.rge.com and www.iberdrolausa.com.
Related: FAQ about the breach and copy of customer notification letter.
Thanks to the reader who alerted me to this breach.
The NYSEG response has been wholly inadequate. True Experian will monitor my credit cards. However I do not pay my bill by credit card. I pay my bill by check. Experian does not monitor bank accounts. My banks are through-out New York State, in other states and on-line. Experian will not monitor my on-line financial business transactions. They will not monitor my on-line Federal or New York State taxes, not my property taxes, not my retirement accounts, not my life insurance, not my house insurance, not my vehicle insurances and not my charitable beneficence. Although I am the victim of the theft; NYSEG will not give me the name of the company contracted by them, nor the status of perpetrators, nor how many data files where accessed, nor when the breach occurred, nor when they learned of the breach. NYSEG should offer bank account protection through a company, such as ‘Life-Lock’ and on-line protection through a company, such as ‘Carbonite’. NYSEG should have a dedicated telephone line for assistance and facts, with continuing updated information on the standing of this situation. Thank you for listening, I am violated in New York State. g
They claim they “discovered” the breach earlier in January. What they don’t say is how they discovered it nor when it occurred. As far as the name of the software firm, I have no idea why they’re shielding them, but if NYSEG taking responsibility for mitigating harm to you, then your dispute is with them, not the contractor.
Not for nuthin’ but this could simply be a matter of an employee at the software firm having a technical/coding problem and allowing a buddy access to the database. Still a Bad Thing, but it might not be a situation where people are really at significant risk. Then again…. better to err on the side of caution.