“On March 16, 2021, we discovered that a company cloud storage site had been misconfigured so that its files could have been publicly accessed. We immediately restricted access to the site and its files. We then undertook a full investigation to understand what information was contained in the files and the nature and scope of the incident,” Eversource said.
There is no evidence, however, that any of the exposed files were accessed by a third party.
According to BleepingComputer.com, the files “included the personal information of 11,000 Eversource eastern Massachusetts customers.” Those 11,000 customers have been given a year’s subscription to an identity theft monitoring scan by Eversource.
In a document sent to the customers, Eversource states that their “security team conducted a thorough investigation and has taken appropriate actions. We have implemented additional security measures and updated our current security protocols to prevent this from happening again.”