Cyber Attacks Impacted 3,000+ Northeast Utility Customers

(TNS) — The personal information of more than 3,000 Eversource Energy customers in Connecticut, Massachusetts and New Hampshire was exposed following phishing and social engineering attacks that compromised the credentials of two company employees in April.

Eversource officials declined to provide more details about the breach, including how many of the affected customers live in Connecticut. The company said it has notified utility regulators in all three states, along with state and federal law enforcement agencies.

"Our investigation determined that these malicious efforts enabled limited Company data to be accessed through the compromised accounts of two employees," Eversource said in a statement. "The activity was promptly identified and blocked, and additional security measures were implemented to further strengthen our cybersecurity systems."

The company said the incident did not impact electric, gas or water service and did not involve customer information systems, critical operational systems or infrastructure.

According to a letter CT Insider obtained from the office of Connecticut Attorney General William Tong, the information accessed in the breach varies by customer but "may have included" names, mailing and service addresses, account information, phone numbers, email addresses, Social Security numbers, driver's license numbers and financial account information.

Eversource said the unauthorized access has been blocked and that the breach affected 3,049 customers — a fraction of the utility's more than 4.6 million customers across its three-state service territory.

The company is offering affected customers two years of complimentary credit monitoring and identity theft restoration services. Customers whose information may have been exposed will receive direct notification with instructions on how to enroll.

In the realm of cybersecurity, social engineering refers to tactics that manipulate people into revealing confidential information or performing actions that compromise security. Phishing uses fraudulent emails, text messages or websites to trick victims into disclosing sensitive information.

"Eversource takes cybersecurity and the protection of customer information very seriously and will continue to remain vigilant and take appropriate measures to protect against cyber threats and further harden our systems," the company said.

© 2026 Journal Inquirer, Manchester, Conn.. Visit www.journalinquirer.com. Distributed by Tribune Content Agency, LLC.