DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

How do you define “finite and very small:” Peoples Gas/North Shore Gas disclose breach

Posted on December 16, 2011 by Dissent

Steve Daniels reports:

Peoples Gas and sister utility North Shore Gas have notified an undisclosed number of customers of the possible theft and potential use of personal information about them by a contract worker.

The natural gas utilities, which serve nearly 1 million customers in the city of Chicago and many northern suburbs, said in a statement that they were barred by state law from saying how many customers were affected.

They said, though, that the number is “finite and very small.” The companies said they had no information to indicate that the number of customers affected by the possible identity theft would grow.

The contracted employee has been fired and is “subject to criminal investigation and prosecution,” the companies said. They added that they notified affected customers by phone and in writing “in the most expedient time possible and without unreasonable delay as soon as we determined the scope of the situation.”

Read more from Crains. Wailin Wong of The Chicago Tribune also covers the news story.

I have not seen a copy of the actual notification to customers, but am puzzled by references to “possible” theft or “possible” misuse in light of other information, described below.

Last month, having done a bit of digging, I attempted to contact the utilities via contact form to ask them to confirm or deny that they were the unnamed utilities company in this November breach report involving an employee of iQor in Charlotte. I got no response (maybe the form didn’t submit correctly), but note that that news story and other media coverage at the time suggested that there were over 100 victims and definite misuse of customer data.

Following the new media coverage, I contacted Peoples Gas by e-mail, and a spokesperson responded, confirming that this was the same incident that had been reported last month. In a statement provided to DataBreaches.net, the spokesperson writes:

As part of the investigation, Peoples Gas and North Shore Gas have worked diligently with law enforcement agencies to identify customers that could have been affected by the breach and steps have been taken to contact these customers in the most expedient time possible, without unreasonable delay and consistent with any measures necessary to determine the scope of the breach.

This notification process is related to the incident reported recently in Charlotte. We can’t speak for the numbers that were reported there, however we complied with new Illinois law which provides more information to customers and limits disclosure of the numbers.

The new Illinois law referenced in the spokesperson’s statement is likely HB 3025, which will indeed, bar entities from disclosing the total number of Illinois residents affected. One provision  adds the following language to the state’s data breach notification law:

The disclosure notification to an Illinois resident shall include, but need not be limited to, (i) the toll-free numbers and addresses for consumer reporting agencies, (ii) the toll-free number, address, and website address for the Federal Trade Commission, and (iii) a statement that the individual can obtain information from these sources about fraud alerts and security freezes. The notification shall not, however, include information concerning the number of Illinois residents affected by the breach.

HB 3025 does not go into effect until January 1, however, so Peoples/North Shore probably could have disclosed the numbers.

While this does not appear to be a case where tens of thousands – or even 1,000 – may be affected, if there were over 100 victims, I would not describe 100 victims as “very small.” A small percentage of their customer base, perhaps, but not a small number when you think in terms of human impact.  Others may reasonably disagree with me.

In the meantime, no indictment has yet been  filed in any federal court against the iQor employee or her boyfriend.  According to Herald Online, Hall worked for iQor in their Human Resources department. The data theft reportedly occurred in October, with reports of ID theft and fraudulent card use starting to emerge almost immediately.

Image credit: TonyTheTiger at en.wikipedia, used under Creative Commons License.

Category: Breach IncidentsBusiness SectorOf NoteSubcontractorU.S.

Post navigation

← HI: Tax data infiltrated by state workers (updated)
2.8k Accounts dumped from portalmercosur.com →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Central Maine Healthcare tackles suspected cybersecurity issue; hospitals remain open
  • Cartier Data Breach: Luxury Retailer Warns Customers that Personal Data Was Exposed
  • Beyond the Pond Phish: Unraveling Lazarus Group’s Evolving Tactics
  • Akira doesn’t keep its promises to victims — SuspectFile
  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch (1)
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.