Central Hudson Gas & Electric Corporation has issued a press release updating its customers on the breach disclosed in February that affected 110,000 customers:
(POUGHKEEPSIE, NY) Though New York State and federal law enforcement officials continue to investigate the incident externally, forensic computer experts have completed their internal investigation into the February cyber-security incident that had the potential to involve banking information for approximately one third of Central Hudson Gas & Electric Corporation customers.
“Despite an exhaustive review, these cyber-security forensic experts could not confirm if any private banking information for any of our customers was transferred,” said James P. Laurito, Central Hudson’s president. “They also report that it is likely that it may never be possible to document if information was transferred.
“As a result, we continue to err on the side of extreme caution in advising the notified customers to be vigilant in monitoring their bank accounts and credit reports. Any unauthorized transactions should be reported immediately to their bank and local law enforcement agency,” he said.
Laurito recommends that potentially impacted customers take advantage of the complimentary credit monitoring services that Central Hudson offered to them via mail. Eligible customers received enrollment instructions by U.S. Mail but they must sign up by June 30, 2013, in order to be covered. The coverage is retroactive until February 15, 2013, and will extend until June 16, 2014; it will cover all verifiable claims, providing that customers enroll and file fraud complaints promptly.
The investigation conducted by an expert forensic computer firm on Central Hudson’s internal systems confirmed that the incident was the result of malware that infiltrated Central Hudson’s information systems during or prior to September 2012 but likely lay dormant until earlier this year, Laurito said. “The malware, which Central Hudson personnel discovered and disabled on February 19, 2013, was designed to seek out and export information. While the potential exists that information contained on the front of bank checks was exported, it cannot be confirmed what, if any, information was ever actually transferred,” Laurito said.
“We sincerely regret the understandable concern that this incident has caused our customers. We take this incident very seriously, and we will continue to add new safeguards and procedures to further bolster our cyber security systems,” said Laurito. He said those steps include isolating computers with sensitive data from the internet, changing password protocols, educating employees about how to identify security issues, updating software patches, and auditing security procedures to continually improve them.
“While we want our customers to know that we are doing everything possible to investigate this incident, we also want them to know that the complimentary credit monitoring program is designed to provide them with peace of mind,” Laurito said.
He added that customers who received enrollment letters should contact Experian at 877-371-7902 to enroll in the free credit monitoring service; those with questions regarding this incident or any matter related to their account should visit Central Hudson at www.CentralHudson.com or call 1-800-527-2714.