Ah… another media report of a breach that leaves me scratching my head. Margaret Harding reports:
Duquesne Light Co. is notifying thousands of customers that an employee mishandled their personal information.
There is no evidence anyone used the information illegally, but the company will offer two years of free credit monitoring to 20,000 of its 580,000 customers, spokesman Joseph Vallarian said.
“It’s an internal mishandling of the information, and we want to be overly cautious,” he said.
An employee, whom Vallarian would not identify, had access to records in her work. The information includes names, addresses, Social Security numbers and, in some cases, credit and debit card numbers, he said. Vallarian would not say whether the woman still works for the utility.
Duquesne Light alerted Pittsburgh police when it learned of the problem and will ask a consultant specializing in customer information to review the incident.
The company’s investigation found “no sign whatsoever of any kind of theft,” Vallarian said.
The company informed the state Public Utility Commission, which is monitoring the situation, spokeswoman Jennifer Kocher said.
Okay, now that you’ve read the full news story, what do we know? If the employee had access to records in her work, how did she mishandle those records? What did she actually do? Did she exceed authorized access by looking up 20,000 people’s records or something else? It would be nice to know. The Pittsburgh Business Times doesn’t really shed any additional light as to what happened. And no, there’s no statement on Duquesne’s web at this time.