Energy Firm Suffers Breach

Thursday, April 18, 2013 @ 05:04 PM gHale

A security breach of Central Maine Power’s (CMP) parent company’s recruitment website potentially exposed the personal data of anyone who has applied for or accepted a job in the past six years.

New Gloucester, ME-based Iberdrola USA, which owns CMP along with quite a few power companies located throughout the Northeast, confirmed last week that someone gained “unauthorized access” to its recruitment website, which handles personnel recruitment for itself as well as its three operating companies: CMP, Rochester Gas and Electric Corp., and New York State Electric and Gas Corp.

Roughly 5,100 individuals provided personal information through the website since January 2007 and may have suffered a compromise, said John Carroll, CMP’s manager of public affairs.

Just under 1,000 of those potentially affected are in Maine, where CMP and Iberdrola USA have headquarters, Carroll said. The company is attempting to notify all potentially affected individuals.

Those who applied for or accepted jobs at Energy East, Iberdrola USA’s predecessor, after January 2007 are also among those potentially affected. Iberdrola S.A., a Spanish company, purchased Energy East in 2008 and changed the name to Iberdrola USA.

The recruitment website is a stand-alone system. The security breach did not involve or expose any CMP customer information, according to a news release.

The company is not describing the breach as a “hack,” Carroll said.

“I think hacking suggests that someone has broken in,” he said. “We’re saying it’s unauthorized access.”

When asked what the difference is, Carroll compared it to “someone picking a lock or having a key.”

He couldn’t say, however, whether the perpetrator was an employee. “I think we’re trying to avoid a term that even begins to define who it was,” he said.

An investigation is ongoing to identify the culprit, he said. The company has contacted the FBI and engaged computer forensics experts to assist in the investigation.

Iberdrola USA is offering a year of credit monitoring at no charge to anyone who may have suffered from the breach.
