DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Central Hudson Completes Internal Cyber-Security Investigation Experts Report it May be Impossible to Ever Confirm Information Transfer; Law Enforcement Investigation Continues

Posted on April 16, 2013 by Dissent

Central Hudson Gas & Electric Corporation has issued a press release updating its customers on the breach disclosed in February that affected 110,000 customers:

(POUGHKEEPSIE, NY) Though New York State and federal law enforcement officials continue to investigate the incident externally, forensic computer experts have completed their internal investigation into the February cyber-security incident that had the potential to involve banking information for approximately one third of Central Hudson Gas & Electric Corporation customers.

“Despite an exhaustive review, these cyber-security forensic experts could not confirm if any private banking information for any of our customers was transferred,” said James P. Laurito, Central Hudson’s president. “They also report that it is likely that it may never be possible to document if information was transferred.

“As a result, we continue to err on the side of extreme caution in advising the notified customers to be vigilant in monitoring their bank accounts and credit reports. Any unauthorized transactions should be reported immediately to their bank and local law enforcement agency,” he said.

Laurito recommends that potentially impacted customers take advantage of the complimentary credit monitoring services that Central Hudson offered to them via mail. Eligible customers received enrollment instructions by U.S. Mail but they must sign up by June 30, 2013, in order to be covered. The coverage is retroactive until February 15, 2013, and will extend until June 16, 2014; it will cover all verifiable claims, providing that customers enroll and file fraud complaints promptly.

The investigation conducted by an expert forensic computer firm on Central Hudson’s internal systems confirmed that the incident was the result of malware that infiltrated Central Hudson’s information systems during or prior to September 2012 but likely lay dormant until earlier this year, Laurito said. “The malware, which Central Hudson personnel discovered and disabled on February 19, 2013, was designed to seek out and export information. While the potential exists that information contained on the front of bank checks was exported, it cannot be confirmed what, if any, information was ever actually transferred,” Laurito said.

“We sincerely regret the understandable concern that this incident has caused our customers. We take this incident very seriously, and we will continue to add new safeguards and procedures to further bolster our cyber security systems,” said Laurito. He said those steps include isolating computers with sensitive data from the internet, changing password protocols, educating employees about how to identify security issues, updating software patches, and auditing security procedures to continually improve them.

“While we want our customers to know that we are doing everything possible to investigate this incident, we also want them to know that the complimentary credit monitoring program is designed to provide them with peace of mind,” Laurito said.

He added that customers who received enrollment letters should contact Experian at 877-371-7902 to enroll in the free credit monitoring service; those with questions regarding this incident or any matter related to their account should visit Central Hudson at www.CentralHudson.com or call 1-800-527-2714.

Category: Breach IncidentsBusiness SectorMalwareU.S.

Post navigation

← Belgium: Update on Personal Data Security Breaches
NYSEG online hiring site hacked; customers not affected →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.