CMP parent company’s website breach puts employee data at risk

By Whit Richardson, BDN Staff
Posted April 16, 2013, at 11:58 a.m.

Central Maine Power has revealed that a security breach of its parent company’s recruitment website has potentially exposed the personal data of anyone who has applied for or accepted a job at CMP or any of its sister companies in the past six years.

Iberdrola USA, which is based in New Gloucester and owns CMP, confirmed that last week someone had gained “unauthorized access” to its recruitment website, which handles personnel recruitment for itself, as well as its three operating companies: CMP, Rochester Gas and Electric Corp., and New York State Electric and Gas Corp.

Roughly 5,100 individuals may have provided personal information through the website since January 2007 and may be affected, according to John Carroll, CMP’s manager of public affairs.

Just under 1,000 of those potentially affected are in Maine, where CMP and Iberdrola USA are both based, Carroll said. The company is attempting to notify all potentially affected individuals.

Those who applied for or accepted jobs at Energy East, Iberdrola USA’s predecessor, after January 2007 are also among those potentially affected. Iberdrola S.A., a Spanish company, purchased Energy East in 2008 and changed the name to Iberdrola USA.

The recruitment website is a stand-alone system. The security breach did not involve or expose any CMP customer information, according to a news release.

The company is not describing the breach as a “hack,” Carroll said.

“I think hacking suggests that someone has broken in,” he said. “We’re saying it’s unauthorized access.”

When asked what the difference is, Carroll compared it to “someone picking a lock or having a key.”

He couldn’t say, however, whether the perpetrator was an employee. “I think we’re trying to avoid a term that even begins to define who it was,” he said.

An investigation is ongoing to identify the culprit, he said. The company has contacted the FBI and engaged computer forensics experts to assist in the investigation.

Iberdrola USA is offering a year of credit monitoring at no charge to anyone who may have been affected.

http://bangordailynews.com/2013/04/16/business/cmp-parent-companys-website-breach-puts-employee-data-at-risk/ printed on September 23, 2014