The New York State Public Service Commission announced yesterday they’ll be looking into a data breach that may have exposed the personal information of almost two million customers to unknown attackers.
An employee from a software consulting firm contracted by New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E) was allowed unauthorized access to the company’s databases, prompting the investigation, according to a statement by the the Commission on Monday.
Both companies are owned by Iberdrola USA of Rochester, N.Y. and serve approximately 1.8 million customers collectively.
While NYSEG and RG&E claim there is no proof customers’ data may have been mishandled, they have begun to send preventive notifications regarding the breach to their customers. The exposed data includes Social Security Numbers, dates of birth and some financial account information, according to a press release (.PDF) issued by the NY Commission on Monday.
“This investigation will seek a complete understanding of the root causes for this security breach, and the measures in place to protect against such a breach,” said the Commission’s Chairman Garry Brown.
Much like other corporations breached before them, NYSEG and RG&E have partnered with credit service group Experian to supply fraud victims with a year of credit monitoring free and have claimed they’ll offer their full assistance with forensics experts and law enforcement.
The breach adds to countless others in the last 12 months, which is being referred to by some as “The Year of the Breach.” Retail brokerage Morgan Stanley Smith Barney, financial services corporation Citigroup, Sony and Epsilon all were the victims of similar breaches in the past year.