Experts report it may be impossible to confirm information transfer
Though New York state and federal law enforcement officials continue to investigate the incident externally, forensic computer experts have completed their internal investigation into the February cyber-security incident that had the potential to involve banking information for approximately one third of Central Hudson Gas and Electric Corp. customers.
“Despite an exhaustive review, these cyber-security forensic experts could not confirm if any private banking information for any of our customers was transferred,” said James P. Laurito, Central Hudson’s president. “They also report that it is likely that it may never be possible to document if information was transferred.
“As a result, we continue to err on the side of extreme caution in advising the notified customers to be vigilant in monitoring their bank accounts and credit reports. Any unauthorized transactions should be reported immediately to their bank and local law enforcement agency,” he said.
Laurito recommends that potentially affected customers take advantage of the complimentary credit-monitoring services that Central Hudson offered to them via mail. Eligible customers received enrollment instructions by U.S. mail, but they must sign up by June 30 in order to be covered. The coverage is retroactive until February 15, 2013, and will extend until June 16, 2014; it will cover all verifiable claims, providing that customers enroll and file fraud complaints promptly.
The investigation conducted by an expert forensic computer firm on Central Hudson’s internal systems confirmed that the incident was the result of malware that infiltrated Central Hudson’s information systems during or prior to September 2012 but likely lay dormant until earlier this year, Laurito said.
“We sincerely regret the understandable concern that this incident has caused our customers. We take this incident very seriously, and we will continue to add new safeguards and procedures to further bolster our cyber security systems,” said Laurito. He said those steps include isolating computers with sensitive data from the Internet, changing password protocols, educating employees about how to identify security issues, updating software patches, and auditing security procedures to continually improve them.
He added that customers who received enrollment letters should contact Experian at 877-371-7902 to enroll in the free credit-monitoring service; those with questions regarding this incident or any matter related to their account should visit CentralHudson.com or call 1-800-527-2714.