DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Data Breach at New York Utility Prompts Enforcement Action and Industry-Wide Data Security Review

Posted on August 25, 2012 by Dissent

Boris Segalis and Nihar Shah provide some follow-up to a data security breach at New York State Electric & Gas and Rochester Gas and Electric that was disclosed in January. As I noted in July, regulators criticized NYSEG over the breach that had affected 1.8 million.

Segalis and Shah write:

The Commission subsequently issued an “Order Directing a Report on Implementation of Recommendations” that expanded on many of the recommendations in the Commissioner’s initial statements, and described in detail the ways in which the Commissioner found NYSEG to have failed to adequately protect its customers’ PII.

The Commission conducted an exhaustive inquiry into NYSEG’s data security practices and found several instances in which the utility was not employing best practices and industry standards to protect PII.  The Order referred to the NIST (2010) Recommended Security Controls for Federal Information Systems and Organizations as well as best practices set forth in the Family Educational Rights and Privacy Act (FERPA) as the baseline for benchmarking NYSEG’s relevant practices.  The Commission benchmarked NYSEG’s data security practices in eight areas:

Read more on InfoLawGroup.

Related posts:

  • Follow-up: Regulators criticize NYSEG for computer security breach
  • NYSEG and RG&E Notify Customers of Unauthorized Access to Customer Data
Category: Breach IncidentsBusiness SectorHackMiscellaneous

Post navigation

← Will the High Court Resolve ‘Without Authorization’ Under the CFAA?
Private Swiss bank Julius Baer confirms another insider data theft →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.