Two utilities-related breach reports on the same day? Unusual…
Iberdrola USA said Tuesday its recruitment Internet site was hacked that is used for recruitment and hiring by candidates for New York State Electric and Gas.
The company confirmed last week that an individual gained unauthorized access to the site that is also used for recruitment and hiring at Iberdrola USA, Rochester Gas and Electric and Central Maine Power Co.
The site, a stand-alone system, has been secured, and this incident does not involve any customer data, Iberdrola USA said.
About 5,100 individuals may have provided personal information through the Internet site and may be potentially affected, the company said.
Those potentially affected since January 2007 include candidates who completed an online application prior to an interview, and candidates who was ultimately offered a position at Iberdrola USA, any of its affiliates or any previously-owned entities.
Read more of this report from The Ithaca Journal.
Although 5,100 isn’t a huge number compared to many other breaches, how much better would it have been if they didn’t have so much old data still connected to the Internet?
Significantly, perhaps, the Bangor Daily News reports:
The company is not describing the breach as a “hack,” Carroll said.
“I think hacking suggests that someone has broken in,” he said. “We’re saying it’s unauthorized access.”
When asked what the difference is, Carroll compared it to “someone picking a lock or having a key.”
He couldn’t say, however, whether the perpetrator was an employee. “I think we’re trying to avoid a term that even begins to define who it was,” he said.