Name Of Utility Company That Leaked Information Just Released

September 15, 2018

Written by wukovits

name of utility company that leaked information just releasedIn 2016, an unnamed US energy company left some 30,000 records (containing information about its security assets) exposed for more than two months (a total of 70 days), in violation of energy sector cyber security regulations. When the incident was initially reported, the name of the company was withheld.

That company has now agreed to a $2.7 million-dollar settlement, and its name has now been made public, along with some additional details about the incident.

Initially, the company admitted that they unintentionally exposed the database in question, but that it contained fake data. As the investigation into the matter continued, it became apparent that the data was not only real, but that it included hashed passwords for administrators that hackers could have easily reverse-engineered. PG&E subsequently reversed their fake data assertion.

The exposed data was found by independent security researcher Chris Vickery, who indicated at the time that the database contained details for some 47,000 computers, virtual machines, servers and other devices.

In addition to that a number of non-encrypted email passwords were found, along with 120 encrypted passwords. In Vickery’s words, “This would be a treasure trove for any hostile nation-state hacking group.”

According to the official NERC notice regarding the incident:

“The data was exposed publicly on the internet for 70 days. The usernames of the database were also exposed, which included cryptographic information of those usernames and passwords. Exposure of the username and cryptographic information could aid malicious attackers in using this information to decode passwords.”

Once PG&E was made aware of the problem, it took a server offline, which removed the exposed data. They also brought in third-party forensic experts to investigate, and as a result of that investigation, revised a number of their security policies.

Overall, the company’s handling of the matter was spotty at best, but in light of the record-setting fine, the hope is that we won’t see a similar instance of carelessness in the future.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Key Considerations for Effective Cybersecurity Implementation

Consider this: In the realm of cybersecurity, things often get tangled in the web of "you should do it anyway" arguments. Yet, for busy business owners bombarded with daily "must-dos," deciphering the essentials from the fluff can feel like a cyber maze. We aim to...

Unlocking Small Business Success: The Impact of AI in a Digital Era

In the rapidly evolving business landscape, staying competitive necessitates embracing technological advancements. Artificial Intelligence (AI), once perceived as a luxury for larger enterprises, is now accessible to small businesses, offering new opportunities for...