PPL Electric Utilities, a major U.S. utility company, has confirmed that customer data stolen in the 2023 MOVEit data breach has been released online. The breach, which occurred nearly two years ago, affected a third-party vendor used by PPL and exposed non-critical customer information. According to a PPL spokesperson, the compromised data included basic personal details such as names, phone numbers, email addresses, and utility account numbers.
However, the company emphasized that no critical data, such as banking information, social security numbers, or account passwords, was leaked, as PPL did not share this sensitive information with the affected vendor. This issue is entirely unrelated to PPL’s systems and critical infrastructure across all our service areas,” the company stated, reassuring customers that their internal systems and electricity management remain secure.
PPL customer data breach impact
The MOVEit data breach, discovered in late May 2023, was a large-scale cyberattack that exploited a zero-day vulnerability in the MOVEit Managed File Transfer software. The attack, carried out by the Cl0p ransomware gang, affected over 600 organizations and approximately 40 million individuals worldwide, including government agencies, financial institutions, and major corporations. PPL is currently investigating the extent of the breach and working with the third-party vendor to mitigate potential risks associated with the exposed information.
The company advises customers to remain vigilant and monitor their accounts for suspicious activity. While the leaked data is not considered critical, it can still be used for phishing attempts and social engineering attacks. The incident highlights the far-reaching consequences of large-scale cyberattacks and the importance of robust cybersecurity measures for companies and their third-party vendors.
Image Credits: Photo by Fili Santillán on Unsplash
