Cloud ‘data exposure’ at North American energy supplier


New England energy supplier Eversource has reported a cloud security ‘data exposure’ potentially impacting 11,674 customers.

The report followed the discovery made on March 16 that a cloud storage site had been misconfigured and its files potentially open to public access.

The company says that at the time the site was immediately secured and subsequent investigation determined there was no evidence that the data had been accessed by third parties.

Specifically the files in question were found to contain personal information including names, addresses, social security numbers and utility account numbers – but no banking information – of 11,674 customers in the company’s Eastern Massachusetts service region.

Have you read?
Hacking smart meters – a defence warning
Distribution systems’ cybersecurity needs more attention in US

Eversource spokesperson Frank Poirot has highlighted to Smart Energy International that the incident was a data exposure rather than a data breach.

“There is no evidence that the exposed data was accessed, and this was not the result of an attack or breach of our systems,” he said.

Nevertheless, he said the company was taking precautionary measures, including notifying all affected customers by mail and offering them 24 months of credit monitoring and identity theft restoration at no cost.

“We take our obligation to protect customer data seriously, and we will continue using every opportunity to improve our constant work to secure our systems.”

Eversource, New England’s largest energy supplier, delivers electricity, natural gas and water to approximately 4.3 million customers in Connecticut, Massachusetts and New Hampshire.

Cloud security

The incident once again highlights the need for constant vigilance across IT systems as they become more diverse, with the growth of cloud in utility operations opening an additional potential threat vector for cyber attacks.

George Papamargaritis, MSS Director at London headquartered security specialist Obrela Security Industries, said the company’s latest quarterly customer attack round up reveals that cloud attacks on oil and gas organisations increased by over 24% in Q1 of 2021 compared to the same period in 2020.

“This highlights that cybercriminals are amplifying their effort to target cloud assets within the industry,” he said.

“This [Eversource] incident highlights how cloud security misconfigurations can be detrimental to organisations and put their customer data in jeopardy and potentially at risk of hacking. Only time will tell if Eversource is accurate and the data was not accessed by intruders.”

Other notable findings in Obrela’s round up is an increase in attacks targeting endpoints and users, particularly in Western Europe, and an increase in attacks on brands with the potential to damage companies’ reputations.