Canadian Electricity Provider London Hydro Discloses Data Breach – Veri Sızıntısı
Live
Search
Company
About Founder's Note Press & Media Privacy Policy Terms of Service FAQ Brand Kit
Products
HUBOne HUBCorp Coming Soon Veri Sızıntısı Android Coming Soon Veri Sızıntısı iOS Coming Soon Veri Sızıntısı Huawei Coming Soon Breach Radar Argus Flow Argus Engine LivePlatform
Technologies
What is Argus AI? Try on HUBOne What is Argus Flow? What is Argus Engine?
Blog Contact

Canadian Electricity Provider London Hydro Discloses Data Breach

London Hydro, the electricity distribution company serving the City of London, Ontario, has announced a cyberattack on its systems, potentially compromising customer data. The breach involves personal and account-specific information.

A cybersecurity concept image showing a padlock in front of electricity pylons and wires.

What Happened

London Hydro, the entity responsible for electricity distribution in the City of London, Ontario, Canada, has publicly disclosed a data breach resulting from a cyberattack on its systems. In a statement made on June 20, the company confirmed that cyberattackers had infiltrated its systems, potentially gaining access to customer data. Following the discovery of the incident, London Hydro initiated a comprehensive investigation in collaboration with its internal security teams and the appropriate authorities. This investigation aims to determine the full scope of the breach, the types of data affected, and the potential actors behind the attack. The targeting of a critical infrastructure provider like an electricity company once again highlights the sensitive nature of infrastructure security in the cybersecurity landscape.

Data Exposed

According to the statement from London Hydro, the information affected by the data breach falls into two main categories: personal identification information and account details. The company specifically emphasized that the attackers did not access financial data or other sensitive information. However, the compromised data holds significant potential for misuse in fraud and phishing attacks.

The data that may have been impacted includes:

Has your email been leaked? Check for free — results in seconds.

Check Now →
  • Personal Information: Basic identity details such as customers' full names, home and mailing addresses, email addresses, and phone numbers. This data is highly valuable for attackers to craft targeted phishing attacks. They can use these personal details to make an email or phone call appear legitimate.
  • Account Information: Operational data including customer account numbers, billing numbers, service addresses, subscription plans and tariffs, contract start and end dates, meter numbers, and meter types. While this information alone may not lead to direct financial loss, it allows attackers to conduct social engineering attacks by impersonating customers or even the company itself. For example, an attacker could call a customer, prove their identity with the account and meter number, gain trust, and then request financial information.

London Hydro confirmed that financial and sensitive categories of information, such as dates of birth, government-issued identification numbers, credit card details, or bank account information, were not compromised in the breach. While this indicates no immediate financial risk for customers, the potential for the other compromised data to create indirect risks remains.

How Did the Attack Happen

London Hydro has not shared any technical details about how the attackers infiltrated its systems. No information has been provided regarding the specific vulnerability exploited, the attack vector used, or any malware involved in the incident. The company's statement was limited to a general confirmation that hackers had breached the systems and accessed data. As of now, no known cybercrime group or threat actor has claimed responsibility for the attack. In such incidents, companies often prefer to keep technical details confidential until the investigation is complete and all vulnerabilities are patched. More information is expected to emerge as the investigation progresses.

Who Is Affected

Those directly affected by the data breach are the approximately 170,000 customers served by London Hydro. This customer base covers a very broad spectrum:

  • Residential Customers: Individuals and families living in the City of London.
  • Institutional Customers: Institutions such as schools, hospitals, and public buildings.
  • Commercial Customers: Various commercial entities, from small businesses to large retail stores.
  • Industrial Customers: Manufacturing plants and industrial facilities in the city.

This diversity increases the risk of the leaked data being used for different purposes. While individual customers may be subjected to phishing attacks, commercial and industrial customers could become targets of more complex corporate fraud schemes.

What You Can Do

London Hydro has urged all its customers to be vigilant about suspicious activity related to their accounts and personal information. Assuming your data may have been affected by this breach, it is advisable to take the following precautions:

  • Be Alert for Phishing Attacks: Attackers may use the compromised email addresses and phone numbers to send you fake emails or text messages (smishing) that appear to be from London Hydro. These messages often use phrases like "there is a problem with your bill," "your payment information is outdated," or "you have a special discount," and will ask you to click a link or enter personal information. Carefully check the sender's email address and do not click on any suspicious links.
  • Beware of Phone Scams (Vishing): Be skeptical of anyone calling you and claiming to be from London Hydro. They may try to gain your trust by quoting information they have, such as your account number or address. They will never ask for your credit card details, password, or banking information over the phone. If you receive such a call, hang up and verify the situation by calling the customer service number listed on London Hydro's official website yourself.
  • Monitor Your Account Activity: Regularly check the activity on your London Hydro online account and your bills. If you notice any unusual changes or requests, contact the company immediately.
  • Review Your Passwords: Although there is no information that passwords were leaked, it is good security practice to use this incident as an opportunity to change passwords you use on different platforms, especially if they are the same as your London Hydro account password.

What the Company Is Saying

London Hydro released an official statement regarding the incident. The statement read, "London Hydro and the appropriate authorities are currently investigating a data security incident which may have impacted a portion of personal information on some accounts." The company stated that it prioritizes customer security and that the investigation is being conducted diligently. They sought to allay customer concerns by re-emphasizing that no financial information or other sensitive data categories were affected by this incident. The company also committed to keeping its customers informed as the investigation progresses and new information becomes available.

Source

https://www.securityweek.com/canadian-electricity-provider-london-hydro-discloses-data-breach/

Share This Article
X LinkedIn WhatsApp
← Previous Post Xsolis Data Breach Affects 1.4 Million Individuals Next Post → LastPass Confirms Data Breach in Supply Chain Attack

Weekly Newsletter

Curated data breach news delivered to your inbox every week.