The customer information systems of the New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E), subsidiaries of Iberdrola USA, became exposed after an employee of an independent software developing consulting firm allowed unauthorized parties to access it.
“Public utilities are custodians of a great deal of personal customer information,” said Commission Chairman Garry Brown.
“As a result of this apparent data security breach, I have asked staff of the Department of Public Service to immediately initiate an investigation of the facts and circumstances surrounding this event.”
For now, there is no evidence to indicate that the information has been misused, but since Social Security numbers, dates of birth and, in some cases, bank account numbers are involved, customers are being notified as a precaution measure.
The authorities have also been notified on the incident and computer forensic experts have begun an analysis to determine how the breach occurred.
In the meantime, individuals are advised to monitor their credit and bank accounts for any signs of unauthorized activity. Also, NYSEG and RG&E have arranged for Experian to a one-year credit monitoring service free of charge through ProtectMyID.
Those who want to take advantage of the offer must enroll in the program by April 30, 2012, to activate their membership.
A help line was also set up to offer assistance for those who fear their information may be misused. The help line numbers are 1.877.736.4495 and 1.479.573.7373, for international callers, the lines being staffed daily from 9 AM to 9 PM and between 11 AM and 8 PM on weekends.