Utility Company Breach Leads Roundup

110,000 Customers Affected by Network Intrusion
Utility Company Breach Leads Roundup

In this week's breach roundup, Central Hudson Gas & Electric Corp. is alerting 110,000 of its customers that their banking information may have been accessed during a network intrusion. Also, a hospice has notified about 1,800 patients about the theft of an unencrypted laptop.

See Also: Live Webinar | Improve Cloud Threat Detection and Response using the MITRE ATT&CK Framework

Utility Company Hit by Network Intrusion

Central Hudson Gas & Electric Corp. is alerting 110,000 of its customers that their private banking information may have been accessed during a network intrusion incident on President's Day weekend.

Central Hudson serves about 300,000 electric customers and 75,000 natural gas customers in New York State's Mid-Hudson River Valley.

The network intrusion was detected as a result of regular control procedures, the company said in a Q&A listed on its website.

While details are still sparse, Central Hudson confirms that customer information was accessed, but says there's no evidence that the information was downloaded or misused. The investigation is continuing along with state and federal law enforcement, the company said.

Central Hudson has determined that approximately one third of its customer database may have been affected by the incident.

Affected individuals will receive one year of free credit-monitoring services, according to a Feb. 20 company release.

Stolen Laptop Affects 1,800 Patients

Heyman HospiceCare at Floyd, a unit of Floyd Healthcare System in Rome, Ga., has notified about 1,800 patients about a breach stemming from a laptop stolen from an employee's car.

Patient information on the laptop that may have been compromised includes name, address, phone number, date of birth, and Social Security number, as well as insurance policy numbers, diagnoses, visit notes, physician names, caregiver names, and advance directives, the healthcare system confirms in an online notice.

Notification letters were mailed to affected individuals on Feb. 15, offering free credit-monitoring services for one year.

Fraud Tied to Bike Race Registration

The Iron Horse Bicycle Classic in Durango, Colo., is reporting that about two dozen registrants for the bike race have reported fraudulent charges to their credit cards.

Race organizers first started receiving reports on Feb. 10, according to a statement on the organization's website. Officials notified their web server host and web technician about the apparent breach, but they were unable to identify any security issues. They also notified the race's credit card processors - Mercury Payment Systems and Plug and Pay.

Race officials are working with law enforcement and outside resources to identify the source of the breach. They are recommending that all registrants contact their credit card providers and alert them about the situation.

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.