Rochester Gas and Electric Corp. and New York State Electric & Gas Corp. failed to adequately protect confidential customer information from unauthorized access by outside parties, the state Public Service Commission said Thursday.
The PSC investigation followed a January advisory from NYSEG that unauthorized parties obtained access to confidential information of its and RG&E customers. The information included Social Security numbers, dates of birth and, in some cases, financial institution account information, PSC officials said
“Our investigation found that NYSEG and RG&E failed to meet industry standards and best practices to protect personally identifiable information of customers,” PSC chairman Garry Brown said in a statement.
“As a result, we are directing the companies to immediately take action to address the vulnerabilities on its computer billing and records systems currently used to take and maintain confidential customer information.”
There is no evidence any confidential information was misused, the PSC report states.
RG&E and NYSEG took reasonable actions to inform customers of the potential impacts of the security breach, the investigation found, but several deficiencies in the companies’ systems and practices contributed to the breach.
The companies have taken sufficient steps to prevent a recurrence of a similar breach and are planning to revamp their information systems and data protection security, PSC officials said.
(c) 2012 Rochester Business Journal. To obtain permission to reprint this article, call 585-546-8303 or email firstname.lastname@example.org.