Customers sued the Yazoo Valley Electric Power Association in federal court after the utility waited six months to notify them their names and Social Security numbers might have been stolen. The attack affected more than 20,000 customers.
Hackers who operate under the name "Akira" broke into Yazoo Valley's computer system. Akira is known for subjecting companies to ransomware, holding their data hostage until they pay up. The attack occurred in late August. The utility merely reported on social media:
Yazoo Valley notified the Mississippi Public Service Commission of the data breach in October. The utility finally notified customers on January 30:
The notice was not good enough for some customers. Ratepayer Steven Sanders sued the co-op in U.S. District Court on February 13 in a class action complaint.
Mr. Sanders argued:
4. To be clear – there are numerous issues with Yazoo’s Data Breach, but the deficiencies in the Data Breach notification letter exacerbate the circumstances for victims of the Data Breach: (1) Yazoo waited nearly six months to notify Plaintiff and Class members of the Data Breach; (2) Yazoo fails to state whether it was able to contain or end the cybersecurity threat, leaving victims to fear whether the PII that Yazoo continues to maintain is secure; and (3) Yazoo fails to state how the breach itself occurred. All of this information is vital to victims of a data breach, let alone a data breach of this magnitude due to the sensitivity of information compromised in this specific breach.The complaint charges Yazoo Valley stored customer data in a reckless manner, failed to get an independent review, and remains vulnerable to another attack. The utility had a duty - which it failed - to protect customer data from hacking.
37 comments:
I had a similar experience with the change health hack. I was never notified by the local doctors office that they used the change health system and that my data was included in the hack. United healthcare didn’t send out the notice until 10 months after the hack occurred and the letter only said they may have gotten my ssn, medical records, financial info, personal info, so pretty much everything. I bet with Trump’s administration, any consumer protection laws around this won’t be enforced or may even be taken off the books completely as they only care about protecting big money corporations. It sucks we have zero power when companies act recklessly with out personal data.
No doubt customers have a point in claiming they were late being notified.
Not that it will matter in court, but what would customers have done if they had been notified two weeks after the breech....or, hell, the next day? In other words, lets demonstrate some harm here.
These hackers and scammers ruin a lot of lives. They hurt vulnerable people and many never recovery from the damage they do.
If you were seeing the doctor for your TDS it's not working. What has Trump to do with any of this?
5:49 —
Maybe they would’ve changed their credit cards.
Interesting that the Public Service Commission took no interest in informing the public either
Customers can freeze credit or block credit cards within seconds. And, the issue is duty to notify. Some Yazoo utilities have a long track record of shirking cooperation with law enforcement, much less exercising due diligence.
Hopefully the customers will use this opportunity to replace the board members, so the General Manager can be fired.
-Sue them.
-Obtain judgement for plaintiff.
-Utility raises rates to pay the judgement.
@5:49 - they could have locked their credit files at the very least.
Yet another class action filing where the members of the class have no proven damages.
Go to any chancery clerk in Mississippi and get all the personal information you’d ever want from the land records. Socials, loan numbers, cell phone numbers. These lawsuits do nothing other than increase the cost of x. As long as we use ones and zeros to store info, it’s open season
The General Manager and the entire useless Board of Directors need to be sacked.
Interesting? More like outrageous. De'Keither Stamps knew about this since October and said nothing. UNACCEPTABLE.
Cut and paste lawsuits
HA! The 1st Post in this thread & Trump gets blamed for something...On another note why does Yazoo Electric need your SSN just so you can pay your light bill?
The "co-ops" make political contributions ultimately through electric utility profits to these PSC commissioners through their Political Action Committee. The utilities grease the palms of all legislators across the state to keep them 'their friends".
The electric monopoly in Yazoo gives all their Board of Directors nice deep fried turkeys every Thanksgiving and a posh Christmas dinner paid for by the coop (rate payers) not to mention health insurance.
The management needs replacing. This would happen in any other business model worth a damn.
Looks like their backwoods southern lawyer board attorney Brad Hathaway was asleep at the wheel.
But I thought the “coop model” was about friends and neighbors helping friends and neighbors?
Apparently the Yazoo management leaders failed to remember at least two of the 7 cooperative principles: “information, education and training” and concern for community. dicks
I work in technology for a pretty well-known entity and I put immutable backups in place so that I can restore once this happens. Notice I didn't say if. I'm banking on it. For myself, I use Norton Lifelock to monitor credit, I freeze it and I pay for a service that removes my personal data from the internet. Like it or not, people have to take the responsibility to protect themselves because the competence level in this world isn't growing. It's diminishing.
FYI for all of you uncultured swine… if AKIRA hits you with ransomware… the password to unlock their encryption is TETSUO
Hope this goes to trial in Yazoo County!!!! You know, a jury of their peers and all….
I wish I had done it 15 years ago, but for the past 3 years I have opted out of listing my legit SSN on forms that ask for it. Utilities have no need for it. Neither do medical clinics, hospitals and drug stores.
These places, when asked why, will respond with "We just have to have it" or "We need it for your records".
I will enter an SSN but one digit is always going to be wrong. They do not need my SSN to serve me or to bill me or to track me down for non-payment.
Did you know he starts his day at 4:30am (if he can sleep that late)? https://deltabusinessjournal.com/bradley-f-hathaway/ Fella needs to adjust his shuteye schedule, pronto!
Everybody in Yazoo going to have them one of those big ole Phen Phen houses when this is done!
Phen Phen houses are bigger and use more electricity! Win win for everyone! A new REA model? Brilliant! The New Deal is now the Old Deal.
Yazoo Valley Electric Herald still silent……..
Attorneys who brag about how early they get up make my skin crawl.
I had a case where Brad Hathaway was opposing counsel. Brad is big time! He will tell you so. You don't even have to ask. What a show horse.
I've always wondered what a PUC Commissioner does. Apparently it is little to nothing.
One former PSC commish now sits at the top of the REA pile at 665 Highland Colony Parkway. Was an attorney himself for about 20 seconds. Lives in Reunion I’m told eating steak every night…
I heard Letitia James, and Fani Willis were going to mud wrestle to see which one got to prosecute Trump for this.
One former PSC central commissioner green lit an eminent domain for Cooperative Energy w/o notifying all the land owners affected. There were no complaintants at the hearing because no one was aware there was a hearing!!
PSC stands for Public Service Commission.
But "PUC" and "REA"? Are y'all just making up acronyms??
Post a Comment