Electric utilities Eversource and Unitil are warning customers that their personal data may have been compromised, due to a security breach.
It’s the latest in a series of warnings from organizations worldwide that have been victimized by a flaw in a data transfer program made by Burlington-based Progress Software. Last week another local utility, National Grid, said that it too had been breached.
All three companies are clients of CLEAResult, a third-party vendor that helps them operate statewide energy efficiency programs in Massachusetts. CLEAResult uses a data transfer program from Progress Software to exchange information with its clients. In May, Progress warned that it had discovered a serious security flaw in its software, which was being used by cyber criminals to steal personal data.
Advertisement
Eversource said the stolen data includes names, addresses, contact information, and utility account and usage information, but not more sensitive data like Social Security numbers, credit card numbers, or bank account numbers. The utility is urging customers to monitor their accounts for unusual activity.
Unitil, a New Hampshire-based company that provides electricity to a few Massachusetts towns such as Fitchburg and Lunenburg, also uses the CLEAResult service. A company spokesman said that data belonging to about 10 of its subscribers had been stolen, but he did not know whether these were residential or commercial subscribers. The spokesman said that CLEAResult is continuing its investigation to determine the full extent of the breach.
According to the German market research company KonBriefing Research, over 1,000 organizations worldwide have been affected by the Progress Software breach, with the overwhelming majority — more than 800 — based in the US.
About 30 of these are Massachusetts-based, according to KonBriefing, including a number of state government agencies, universities, and financial institutions. These include the Executive Office of Health and Human Services, insurance company MassMutual, market research firm Forrester Research, the Microsoft-owned artificial intelligence company Nuance Communications, Cambridge Trust, and retail company TJX.
Advertisement
Hiawatha Bray can be reached at hiawatha.bray@globe.com. Follow him @GlobeTechLab.