A weekend hacking attack potentially compromised the personal information of some 110,000 Central Hudson customers in Dutchess and Ulster counties, the utility company said Wednesday.
A staffer found evidence that the company's servers were compromised during a routine check of Central Hudson's systems Tuesday, company spokesman John Maserjian said.
Central Hudson's IT department secured its servers, then began an investigation, Maserjian said, enlisting the help of an outside computer security company as well as State Police, who have a computer forensics team.
Central Hudson provides electricity and energy services to most of Dutchess County and much of Ulster County. The 110,000 potentially affected customers represent about a third of the total number of customers the utility serves in both counties.
The company emphasized the fact that the customer information was "potentially" compromised, saying it doesn't have evidence so far that the hackers accessed or copied customer information -- only that they could have once they gained access to Central Hudson's servers.
"Until we know more, we're erring on the side of caution," Maserjian said.
Central Hudson will offer the potentially affected customers one year of credit monitoring services. In the meantime, the company will reach out to customers to let them know about the attack.
"We will be using an automated telephone system to call all of our customers for whom we have telephone contact information to alert them as to whether they are potentially affected or not by noon [Thursday]," James Laurito, the company's president, said in a statement Wednesday afternoon.
The other customers, more than 200,000 in all, will receive alerts via phone and mail, the company said.
It wasn't immediately clear when the company will learn how extensive the attack was.
"Unfortunately, we don't have a time frame, although we do realize and understand that time is of the essence," Maserjian said. "We're continuing to work on this full time."
Cybersecurity threats have made headlines in recent months, most of them related to attacks originating out of China. A report this week by security firm Mandiant detailed 141 cyber attacks on American targets, including corporations. Most of them targeted trade secrets and proprietary information, the report said, but some focused on systems that control critical infrastructure.
Maserjian said Central Hudson doesn't know where the recent attack originated.
Most companies do not publicly disclose attacks that compromise their servers, according to a report in Bloomberg News. The same report said most companies do not learn the full extent to which confidential information is compromised, highlighting the difficulties in assessing the damage after a well-executed attack.