Duke Energy Data Breach: Customer Information Compromised
ORLANDO, Fla. — Duke Energy announced a significant data breach impacting the personal information of its customers. The incident, which came to light in December 2024, involved the potential exposure of sensitive customer data to a third party. The utility company confirmed that it sent notification letters earlier in the month, alerting affected customers to the security incident.
Details of the Duke Energy Data Breach
The breach, which originated in May 2024, involved a third-party unauthorized access to customer information through Duke Energy’s public website. The compromised data may include account numbers, birthdates, email and mailing addresses, and the last four digits of Social Security numbers. However, Duke Energy assures customers that passwords and credit card information were not affected by this data breach.
In a statement, Duke Energy emphasized its commitment to customer data security: “Duke Energy takes the security of your information seriously and we employed prompt actions to help further protect customer accounts.”
The company has launched a thorough investigation into the circumstances that allowed the unauthorized access. This investigation includes a comprehensive analysis of the vulnerabilities that enabled the third party to obtain customer information.
Duke Energy’s Response to the Data Breach
Following the discovery of the data breach, Duke Energy implemented several advanced modifications to its public website to enhance security measures. The company’s cybersecurity team actively monitors millions of data points daily, identifying and addressing potential threats to continually strengthen its systems.
To mitigate potential risks to affected customers, Duke Energy is offering eligible individuals 12 months of free credit monitoring and additional supplemental features through Experian. This proactive measure aims to help customers protect their financial information and credit scores in the wake of this data security incident.
Key Points from Duke Energy:
- The company conducted a comprehensive analysis of the incident to understand how the third party gained access to customer information.
- There is no evidence suggesting that passwords, financial data, or access to online profiles (My Account or Business Experience portals) were compromised in this Duke Energy data breach.
- Duke Energy’s cybersecurity team continuously monitors for threats and strengthens its systems.
- Significant website modifications have been implemented to enhance security.
- Free credit monitoring is provided to eligible customers through Experian.
Protecting Yourself After the Duke Energy Data Breach
Duke Energy urges customers to remain vigilant against phishing scams. Customers should be wary of any suspicious emails or communications requesting personal information. The company advises customers to report any suspicious activity immediately. The timely reporting of suspicious activity is crucial in mitigating further risk.
This Duke Energy data breach serves as a reminder of the importance of robust cybersecurity measures for all organizations handling sensitive customer information. The incident highlights the potential consequences of data breaches and the need for proactive measures to protect customer data. The company’s response, including the provision of free credit monitoring, demonstrates a commitment to customer protection.