Ashley Eberhardt reports:
Colorado Springs Utilities said in an email to customers that sensitive data stored by a subcontractor had been accessed by an “unauthorized party” in June.
In the email sent out on Wednesday, Springs Utilities said they learned of the breach on July 6, and that the breach occurred on June 15, 2022.
Information that was accessed included customer names and addresses, Colorado Springs Utilities account numbers, and in most cases, phone numbers and email addresses.
Read more at Fox21.
Because the data elements involved are not considered sensitive, Colorado Springs said the incident was not actually a “data breach,” by statute, but they were notifying people proactively.
About 200,000 customers had information in the file accessed on the subcontractor’s system.
Colorado Springs Utilities declined to name the subcontractor “for security reasons,” but states
The third-party subcontractor has already implemented system enhancements to protect the data we entrust them. They have addressed the policy requirements to manage our data as agreed upon in a secure manner.