Poughkeepsie, NY-based Central Hudson Gas and Electric is working with state and federal authorities and industry groups to investigate a cyber attack in late February where hackers gained entry to as many as 110,000 customer accounts.
Employees detected the computer system intrusion Feb. 20. The attack occurred over a weekend, and as a result of regular control procedures, employees found the attack and reported it, the utility said.
So far there appears to be no evidence that customer information ended up misused or downloaded during the incident, but the utility warned customers to monitor bank accounts for suspicious or unauthorized activity.
While the utility may have suffered a compromise with its customer information, a company spokesman said there is no evidence intruders found their way to the electric infrastructure. But officials are continuing their investigation.
Central Hudson is offering affected customers free enrollment for a year in a credit monitoring and identity theft protection program.
News of the Central Hudson cyber attack comes as government officials have been issuing warnings with increasing urgency about cyber threats aimed at the energy sector and others.
As a response to question on a Central Hudson FAQ site, the utility responded to when the incident occurred:
“Central Hudson employees uncovered the incident on Tuesday, Feb. 19, as a result of regular control procedures. We discovered that information regarding some customers may have been accessed via a cyber-security incident over that previous weekend. There is no evidence to date that the information was downloaded or misused, and our investigation is continuing.”
In terms of how Central Hudson protected its systems, the company responded:
“Central Hudson uses a variety of security measures to protect customer information, and we regularly adapt these controls to respond to changing requirements and advances in technology. A team of employees is also dedicated to cyber security, and we work with electric and natural gas industry groups to enhance our cyber-security systems.”