Albany, NY (WBNG Binghamton) A Public Service Commission (PSC) investigation says NYSEG and Rochester Gas & Electric (RG&E) failed to protect confidential customer information from outside parties.
“Our investigation found that NYSEG and RG&E failed to meet industry standards and best practices to protect personally identifiable information of customers,” said Commission Chairman Garry Brown. “As a result, we are directing the companies to immediately take action to address the vulnerabilities on its computer billing and records systems currently used to take and maintain confidential customer information.”
In January, NYSEG informed the PSC that unauthorized parties had obtained customer information, including Social Security Numbers, dates of birth and financial institution account information.
The PSC reviewed the actions taken by NYSEG/RG&E to notify and assist their customers, including efforts to provide accurate information about the potential impact of the breach and to provide tools to assist customers in identifying instances in which their confidential information was misused.
The PSC report stated there was no evidence that any confidential customer information was misused. Stating " after the companies became aware of the security breach, they generally took reasonable actions to information their customers of the potential impact of the breach."
The report did say that the companies had several deficiencies in the their systems and practices contributed to the breach. The PSC says "since then, the companies' have taken sufficient steps to prevent a recurrence of a similar security breach and the companies are planning a major revamp of the information systems and data protection security."
The companies have to report within 60 days their progress in implementing the recommendations.