A data breach at Riviera Utilities, a utility company serving Baldwin County in Alabama, has exposed the personal details of customers after employee email accounts were accessed.
In a statement released last night (May 2), the company confirmed that an unknown actor had gained access to internal data.
Exposed details include the personal information of a “limited number of individuals”, such as names, Social Security numbers, driver’s license or state identification numbers, passport numbers, medical information, health insurance information, credit or debit card numbers, card expiration dates, and card CVVs.
The elements of personal information varied for different customers, Riviera Utilities added.
A forensic investigation carried out on March 28, 2022, determined that the email accounts were accessed on or about October 17, 2021. Those affected in the breach were notified on April 26.
Riviera Utilities said in a statement: “This access did not include the systems storing auto-pay, bank draft data, or other personal information. Additionally, any personal information entered and submitted through Riviera’s website was unaffected by this security incident.
“We have no evidence that any personal information was misused as a result of this incident. However, out of an abundance of caution, we notified individuals whose information may have been included in the files present in the impacted employee email accounts.”
Those affected by the breach are being offered free credit monitoring services.
