DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Data Breach at New York Utility Prompts Enforcement Action and Industry-Wide Data Security Review

Posted on August 25, 2012 by Dissent

Boris Segalis and Nihar Shah provide some follow-up to a data security breach at New York State Electric & Gas and Rochester Gas and Electric that was disclosed in January. As I noted in July, regulators criticized NYSEG over the breach that had affected 1.8 million.

Segalis and Shah write:

The Commission subsequently issued an “Order Directing a Report on Implementation of Recommendations” that expanded on many of the recommendations in the Commissioner’s initial statements, and described in detail the ways in which the Commissioner found NYSEG to have failed to adequately protect its customers’ PII.

The Commission conducted an exhaustive inquiry into NYSEG’s data security practices and found several instances in which the utility was not employing best practices and industry standards to protect PII.  The Order referred to the NIST (2010) Recommended Security Controls for Federal Information Systems and Organizations as well as best practices set forth in the Family Educational Rights and Privacy Act (FERPA) as the baseline for benchmarking NYSEG’s relevant practices.  The Commission benchmarked NYSEG’s data security practices in eight areas:

Read more on InfoLawGroup.

Related posts:

  • Follow-up: Regulators criticize NYSEG for computer security breach
  • NYSEG and RG&E Notify Customers of Unauthorized Access to Customer Data
Category: Breach IncidentsBusiness SectorHackMiscellaneous

Post navigation

← Will the High Court Resolve ‘Without Authorization’ Under the CFAA?
Private Swiss bank Julius Baer confirms another insider data theft →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.