[BreachExchange] Eversource Energy data breach caused by unsecured cloud storage

Destry Winant destry at riskbasedsecurity.com
Thu Apr 22 10:51:34 EDT 2021


https://www.bleepingcomputer.com/news/security/eversource-energy-data-breach-caused-by-unsecured-cloud-storage/

Eversource, the largest energy supplier in New England, has suffered a
data breach after customers' personal information was exposed on an
unsecured cloud server.

Eversource Energy is the latest energy delivery company in New
England, powering 4.3 million electric and natural gas customers
throughout Connecticut, Massachusetts, and New Hampshire.

In a data breach notification shared with BleepingComputer, Eversource
Energy is warning customers that the unsecured cloud storage server
exposed their name, address, phone number, social security number,
service address, and account number.

For those affected by the data breach, Eversource is offering a free
1-year identity monitoring service through Cyberscout.

After receiving the data breach notification, an Eversource customer
called Cyberscout to learn more about the breach. Ultimately, they
were sent an internal frequently asked questions document used by
Cyberscout employees to answer inquiries about the breach.

According to the FAQ shared with BleepingComputer, Eversource
performed a security review on March 16th and found a "cloud data
storage folder" that was misconfigured so that anyone could access its
contents. When they discovered the unsecured folder, they immediately
secured it and began investigating what data was stored on the folder.

This folder contained unencrypted files created in August 2019 that
included the personal information of 11,000 Eversource eastern
Massachusetts customers.

At this time, Eversource states that there is no indication that any
of this data was acquired or misused by unauthorized people.

While this may be true, BleepingComputer recommends that users sign up
for the free identify theft monitoring offered by Eversource to be
alerted if their social security number is fraudulently used.

Affected users should also be on the lookout for possible phishing
emails pretending to be from Eversource, or other companies, that
utilize the exposed data to harvest further information.

Over the past two years, ransomware attacks and network breaches have
targeted numerous utility companies, including EDP Renewables North
America, Centrais Eletricas Brasileiras (Eletrobras) and Companhia
Paranaense de Energia (Copel), and the Enel Group.

Even more concerning, threat actors recently breached a water
treatment system in Oldsmar, Florida, and attempted to increase the
concentration of sodium hydroxide (NaOH) cleanser to hazardous levels

These breaches, and even EverSource's less malicious breach,
underscore how utilities need to increase their security posture to
prevent these types of leaks and attacks in the future.

Thx to webster341 and i486DX for sharing their notifications and the FAQ.


More information about the BreachExchange mailing list