An employee of a software consulting firm contracted by the parent company of two New York utilities outfits was mistakenly allowed unauthorized access to their databases, Threat Post reports.
Customers of both New York State Electric and Gas and Rochester Gas and Electric are at risk, as the unnamed employee had access to Social Security numbers, birth dates and some financial account information, although there has been no sign of misuse. "Public utilities are custodians of a great deal of personal customer information," said commission chairman Garry Brown. "As a result of this apparent data security breach, I have asked staff of the Department of Public Service to immediately initiate an investigation of the facts and circumstances surrounding this event." Respectively, the companies have 1.2 million electric customers and 560,000 gas customers, although it's still unknown how many accounts were actually compromised. Both arms are offering customers free credit monitoring services for a year. Threat Post adds that the past year is being referred to by some as "The Year of the Breach," given the number of highly publicized breaches from well-known companies. Victims included Morgan Stanley Smith Barney, Citigroup, Sony and online marketing firm Epsilon.