Colorado Springs Utilities notified their customers via email that sensitive data was obtained by an “unauthorized party”. The problem appeared to be on a subcontractor side. The name of the company remains unrevealed due to “security reasons”.

As it was stated in the email, Spring Utilities learned of the breach on July 6, and the breach itself occurred on June 15, 2022. Customer names and addresses, their account numbers in the system as well as phone numbers and email addresses were accessed by an unauthorized party. Good news is that financial data, social security and credit card numbers weren’t compromised.

Illicit database access is one of the most common and dangerous information security threat. Recently, we have witnessed plenty of incidents, when intruders managed to gain databases, operated by third-party providers. The interdependence of companies and their subcontractors, distributed business-processes pose certain risks to information security. With this interdependence, it becomes more and more vital for all organizations, involved in any business-process, to be equally well protected. A mistake of an employee, database misconfiguration or deliberate acting by both external and internal intruders can stop the whole process, involving tens of companies. Dangerous leaks of personal, financial and other confidential data, besides  financial and reputational loses are guaranteed. Thus, the time has come to implement new complex approach to security, which is primarily focused on

• increasing employees’ awareness in the sphere of information security;
• work coordination between departments;
• implementation of advanced protective software within the organization’s infrastructure.

To learn more about our recommendations, you may refer to our blog.