“A misconfiguration error has exposed personal data belonging to customers of New England’s largest energy provider. On March 16, Eversource discovered that one of its cloud data storage folders had erroneously been set to open access rather than to restricted access.
The company serves more than 3.6 million electric and natural gas customers in Connecticut, Massachusetts, and New Hampshire. An investigation into the data breach launched by Eversource’s security team found that the unsecured folder contained personal data belonging to customers residing in eastern Massachusetts.
Information exposed in the incident included names, addresses, phone numbers, Social Security numbers, billing addresses, and Eversource account numbers and service addresses.
The folder was secured on the same day that the error was detected, and the company’s security team do not believe that the personal information it contains was accessed, stolen, or misused by any unauthorized third parties.
Cybersecurity company CyberScout is handling customer service related to the breach on behalf of Eversource. A “frequently asked questions” document created by CyberScout states that the data breach impacted about 11,000 customers.”