Utility Company Breach Leads Roundup110,000 Customers Affected by Network Intrusion
In this week's breach roundup, Central Hudson Gas & Electric Corp. is alerting 110,000 of its customers that their banking information may have been accessed during a network intrusion. Also, a hospice has notified about 1,800 patients about the theft of an unencrypted laptop.
See Also: The Global State of Online Digital Trust
Utility Company Hit by Network Intrusion
Central Hudson Gas & Electric Corp. is alerting 110,000 of its customers that their private banking information may have been accessed during a network intrusion incident on President's Day weekend.
Central Hudson serves about 300,000 electric customers and 75,000 natural gas customers in New York State's Mid-Hudson River Valley.
The network intrusion was detected as a result of regular control procedures, the company said in a Q&A listed on its website.
While details are still sparse, Central Hudson confirms that customer information was accessed, but says there's no evidence that the information was downloaded or misused. The investigation is continuing along with state and federal law enforcement, the company said.
Central Hudson has determined that approximately one third of its customer database may have been affected by the incident.
Affected individuals will receive one year of free credit-monitoring services, according to a Feb. 20 company release.
Stolen Laptop Affects 1,800 Patients
Heyman HospiceCare at Floyd, a unit of Floyd Healthcare System in Rome, Ga., has notified about 1,800 patients about a breach stemming from a laptop stolen from an employee's car.
Patient information on the laptop that may have been compromised includes name, address, phone number, date of birth, and Social Security number, as well as insurance policy numbers, diagnoses, visit notes, physician names, caregiver names, and advance directives, the healthcare system confirms in an online notice.
Notification letters were mailed to affected individuals on Feb. 15, offering free credit-monitoring services for one year.
Fraud Tied to Bike Race Registration
The Iron Horse Bicycle Classic in Durango, Colo., is reporting that about two dozen registrants for the bike race have reported fraudulent charges to their credit cards.
Race organizers first started receiving reports on Feb. 10, according to a statement on the organization's website. Officials notified their web server host and web technician about the apparent breach, but they were unable to identify any security issues. They also notified the race's credit card processors - Mercury Payment Systems and Plug and Pay.
Race officials are working with law enforcement and outside resources to identify the source of the breach. They are recommending that all registrants contact their credit card providers and alert them about the situation.