[Lex Computer & Tech Group/LCTG] Fwd: Notice of Data Security Incident

Tue Aug 29 16:23:45 PDT 2023

 Yeah, I got this notice in my email last week. I'm not too concerned, as it does not appear that financial or credit card data were involved. But if you use their online account, changing your password would be wise.
However, if the breach involved an outside vendor with access to the server side of their network (not necessarily the case here) nothing we could do on our (client) side would improve the security of our accounts. In such a case, the Company (Eversource in this case) would have to improve their security practices and vendor policies. 
For the record, the breach happened May 31, 2023. So if you were going to be damaged by this breach, the damages have already occurred. On June 15, 2023 a second breach happened. Both breaches were orchestrated by a Russian-speaking organization, and were directed at Microsoft's Azure Cloud infrastructure. Eversource and its customers were apparently not the primary targets. 
https://en.wikipedia.org/wiki/MOVEit 

-- Bob Primak 
    On Tuesday, August 29, 2023 at 06:51:46 PM EDT, Smita Desai via LCTG <lctg at lists.toku.us> wrote:  

 Eversource breach - please change account password ASAP. 
Smita Desai 

Sent from my iPhone
Begin forwarded message:

|  
| 
|  
|   |
|      |
|   |

  |

|  
|  |  |  |

  |

|  
|    |
|  
|   The security of our customers’ information is of paramount importance to us. We recently learned that one of our vendors was among the companies that experienced a data breach incident directly related to the MOVEit data transfer software vulnerability hack that has affected many other companies globally. The vendor, CLEAResult, is contracted to provide services to energy efficiency programs for utilities in Massachusetts, including Eversource. Some of your information was contained in the CLEAResult files, such as your name, address, contact information and utility account and usage information. Your personal information such as your Social Security number or financial account number was NOT involved in this incident. 
    |

  |
|    |

  |

|  
|    |
|  
|   We are reaching out to let you know what happened and provide information on steps you can take to protect yourself. 
    |

  |
|    |

  |

|  
|    |
|  
|    What happened?    |

  |
|    |

  |

|  
|    |
|  
|   CLEAResult has advised Eversource that the data incident was directly related to the MOVEit vulnerability exploited by an unauthorized actor. Some file copies were taken from CLEAResult’s systems.  CLEAResult has advised us that they moved quickly to take appropriate security measures to fix this vulnerability, are completing their investigation into this incident and complying with all laws. We remain in close contact with CLEAResult.    
    |

  |
|    |

  |

|  
|    |
|  
|    What actions can I take to protect myself?     |

  |
|    |

  |

|  
|    |
|  
|    We urge you to monitor your account for unusual activity and use these tips to help you spot potential scam attempts. If you suspect unusual activity, please contact us.    |

  |
|    |

  |

|  
|    |
|  
|    We share your concern about this data breach, and we will continue to make information security a top priority. We are proactively taking additional security measures to ensure the protection of your information and utility accounts.    |

  |
|    |

  |

|  
|    |
|  
|    We’re honored to serve you and take that responsibility seriously.    |

  |
|    |

  |

|  
|    |
|  
|   
#yiv9305183711 #yiv9305183711t::before {}#yiv9305183711 div.yiv9305183711OutlookMessageHeader {}#yiv9305183711 table.yiv9305183711moz-email-headers-table {}#yiv9305183711 blockquote #yiv9305183711t {}#yiv9305183711 #yiv9305183711MailContainerBody #yiv9305183711t {}

   |

  |
|    |

  |

|  
|   |
|  
|   |

  |
|   |

  |

|   
|  
|   |
|    |
|   |
|   800 Boylston Street, Boston, MA 02199 
 Privacy Policy  |  Terms and Conditions   |
|   |
|   Stay connected for updates:
   |
|   |
|  
|                             |

  |
|  |
|   This email was sent to SMITAUSA at COMCAST.NETand contains information related to your Eversource account. Please do not reply to this automated message. For assistance,contact us Monday through Friday 8 a.m. to 6 p.m. EDT. 

Log into your Eversource account for 24/7 access to manage your services or update your email address and alert preferences.

 © 2023 Eversource Energy. All rights reserved.   |
|  |

  |

   |

 |

  |

===============================================
::The Lexington Computer and Technology Group Mailing List::
Reply goes to sender only; Reply All to send to list.
Send to the list: LCTG at lists.toku.us      Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
To subscribe: email lctg-subscribe at toku.us  To unsubscribe: email lctg-unsubscribe at toku.us
Future and Past meeting information: http://LCTG.toku.us
List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
This message was sent to bobprimak at yahoo.com.
Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/bobprimak@yahoo.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.toku.us/pipermail/lctg-toku.us/attachments/20230829/f7526e93/attachment.htm>