DataBreaches.net

DataBreaches.net

The Office of Inadequate Security

Menu
  • Breach Laws
  • About
  • Donate
  • Contact
  • Privacy
  • Transparency Reports
Menu

Central Hudson Cyber Attack Investigation Progress

Posted on February 20, 2013 by Dissent

Yesterday, Central Hudson Gas & Electric detected an intrusion and immediately alerted customers to the possibility that their auto-pay bank account information may have been accessed. Today they just issued the following update:

Potentially Affected Customers to be Offered Free Credit Monitoring

Central Hudson is continuing its investigation into a weekend cyber-security attack within its computer network. While there is still no evidence that any customer information was downloaded or misused, the utility has now determined that the number of potentially affected customers is limited to approximately one third of its customer database.

“We will be using an automated telephone system to call all of our customers for whom we have telephone contact information to alert them as to whether they are potentially affected or not by noon tomorrow,” said Central Hudson President James P. Laurito. He stressed that no evidence has been uncovered to date that confirms that any information was transferred during the attack, and that Central Hudson is taking these notification steps as an added precaution.

“The approximately 110,000 customers whose account information was potentially affected will receive from us via U.S. mail an offer of a full year of complimentary credit monitoring as a precaution,” Laurito said. All other customers will be receiving telephone and mail notification that their account is not involved in the investigation.

Central Hudson is conducting its own investigation into the incident, and will continue to work with state and federal law enforcement officials as part of that investigation.

Their response to this breach raises some useful questions. If data were downloaded, their prompt alert is commendable and useful in helping customers protect themselves. If their investigation discovers that no data were downloaded, their alert and follow-up may needlessly worry customers. So what would you do?

And should they have rushed to offer free credit monitoring before they’ve determined whether data were downloaded? Given the cost of the service, would it have made more sense to wait a few days and say – for now – that if they determine that it was downloaded, then affected customers will be offered free services? What would you do?

Related Posts:

  • Central Hudson Completes Internal Cyber-Security…
  • Cucamonga Valley Water District discloses Click2Gov breach
  • TX: Cyber attack affects Hudson ISD website
  • Another Click2Gov breach? Why is this still happening?
  • NY: Cyber attack at Massena Central School under…

Post navigation

← This could be big…
Magistrate Recommends Dismissal with Prejudice of Claims Against Global Payments →

3 thoughts on “Central Hudson Cyber Attack Investigation Progress”

  1. JJ says:
    February 20, 2013 at 5:20 pm

    Companies buy credit monitoring in bulk, which is nowhere close to the retail pricing. And if they’re half-way good negotiatiors, they are only paying for the ones that enroll. So it’s a good PR move and probably has a low cost. I mean, heck, just how many credit reporting alert services does a breached cosumer need? 🙂

    1. admin says:
      February 20, 2013 at 5:36 pm

      Using a discount rate of $10/mo per person (and that’s a lowball estimate) and estimating that 10% of the 110,000 take them up on the offer, that would be about $1.3M for the year. I don’t consider that a low cost. After all, who’s going to pay for this eventually? If the insurer pays out and doesn’t raise the utility’s rates, okay, but otherwise it’s the customers who are eventually going to foot the bill, no?

  2. IA Eng says:
    February 21, 2013 at 7:34 am

    I believe the admin is right. I have credit monitoring on and its over $12.00 a month. But I think in bulk it would be much lower. That 1.3 Mil can be divided amongst all customers, and lets say is 330,000 people. The hike would be minimal. If they recover it over a year, the increase is $4.00 for the year, or about 30 cents a month.

    At least this is proactive after the fact. One doesn’t know if the intruders were caught in the act or through the grapevine, it appears they caught them. Lets hope the bad stuff has been removed and all returns to normal – minus the security.

Comments are closed.

Sponsored or Paid Posts

This site doesn’t accept sponsored posts and doesn’t respond to requests about them.

Have a News Tip?

Email:

Breaches[at]Protonmail.ch
Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Telegram: @DissentDoe

Browse by News Section

Latest Posts

  • The Untold Story of a Massive Hack at HHS in Covid’s Early Days
  • Records reveal new information about Sweetwater Union High School District ransomware incident
  • HHS’ Office for Civil Rights Settles First Ever Phishing Cyber-Attack Investigation
  • Founder and Majority Owner of Cryptocurrency Exchange Pleads Guilty to Unlicensed Money Transmitting
  • Hackers hit Erris water in stance over Israel
  • Data breach by Addenbrooke’s Hospital reveals patient information
  • Millions of patient scans and health records spilling online thanks to decades-old protocol bug
  • Cybersecurity: Federal Agencies Made Progress, but Need to Fully Implement Incident Response Requirements (GAO Report)

Please Donate

If you can, please donate XMR to our Monero wallet because the entities whose breaches we expose are definitely not supporting our work and are generally trying to chill our speech!

Donate- Scan QR Code   Donate!

Social Media

Find me on Infosec.Exchange.

I am also on Telegram @DissentDoe.

RSS

Grab the RSS Feed

Copyright

© 2009 – 2023, DataBreaches.net and DataBreaches LLC. All rights reserved.

HIGH PRAISE, INDEED!

“You translate “Nerd” into understandable “English” — Victor Gevers of GDI Foundation, talking about DataBreaches.net

©2023 DataBreaches.net