Eversource, the UK’s largest energy company, warned its customers in a privacy breach notice that an unsecured cloud storage server had exposed their data including their name, address, telephone number, social security number, service address and account number. Affected users should be on the lookout for possible phishing emails claiming to be from Eversource or other companies that may use the disclosed data to obtain further information.
Eversource will offer a free 1-year identity monitoring service to those affected by the data breach via Cyberscout.
According to the company’s FAQ, Eversource conducted a security review on March 16 and found a “cloud data storage folder” that was configured to allow anyone to access its contents. Upon discovery, Eversource immediately secured it up and began investigating what type of data was stored in the folder. As part of the investigation, they discovered that the folder contained unencrypted files created in August 2019 and contained the personal information of 11,000 Eversource customers in eastern Massachusetts.
For more information, read the original story in Bleeping Computer