Posted On December 9, 2022 Consumer Privacy & Data Breaches
On November 23, 2022, Upper Peninsula Power Company (“UPPCO”) filed notice of a data breach with the Attorney General of Maine after the company experienced a network intrusion that resulted in confidential consumer information being leaked to an unauthorized party or parties. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ first and last names and Social Security numbers. After confirming that consumer data was leaked, UPPCO began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the UPPCO data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Upper Peninsula Power Company.
The available information regarding the Upper Peninsula Power Company breach comes from the company’s filing with the Maine Attorney General’s “Data Breach Notifications” web page. According to this source, on around June 23, 2022, UPPCO detected a possible data security event as a result of an unauthorized party breaching the company’s computer network. In response, the company took steps to secure its network and then began working with a third-party cybersecurity firm to investigate the incident and determine what, if any, consumer information was leaked as a result.
The UPPCO investigation confirmed that an unauthorized party was able to access certain files stored on the company’s computer system. Further, the investigation revealed that some of the files contained confidential information belonging to some of the company’s customers.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Upper Peninsula Power Company began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your first and last name and Social Security number.
On November 23, 2022, Upper Peninsula Power Company sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. Based on the data breach report posted on the Maine Attorney General’s website, the UPPCO data breach affected 39,400 individuals.
Founded in 1884 under the name Peninsula Electric Light and Power Company, Upper Peninsula Power Company is a power company based in Ishpeming, Michigan. The company provides energy to approximately 54,000 customers in 10 counties in Michigan’s Upper Peninsula. UPPCO owns seven hydroelectric renewable energy generation facilities and two combustion turbines, generating approximately 80 megawatts. Upper Peninsula Power Company employs more than 155 people and generates approximately $41 million in annual revenue.
Data breaches affected more than 320 million consumers in 2021. That’s more than any year in recorded history. And, unfortunately, the number of data breaches doesn’t appear to be going down—at least not significantly, with only a modest decrease expected by the end of 2022. Given the number of data breaches as well as the potentially devastating consequences of identity theft that often follow in their wake, it is important that you know what to do if your information is leaked in a data breach.
The goal of most hackers when carrying out a cyberattack is to steal consumer information which they can then use to commit identity theft or quickly sell on the dark web. While there is nothing you can do to prevent a data breach, there are steps you can take after learning your information was compromised to reduce the chances of falling victim to fraud. Below are a few steps to take after learning about a data breach that leaked your information. Following these steps will reduce the chances of being a victim of fraud. However, this is not an exhaustive list. So, if a breach involves highly sensitive information, such as your financial account numbers or Social Security number, you may consider taking additional precautions.
After a company experiences a data breach, it will most likely send you a data breach letter in the mail. In fact, companies are required to notify victims anytime they leak consumer data. These letters explain the incident, what led up to it, what the company has done to prevent future breaches, and whether the company has received any reports of fraud from other victims. Thus, the first thing to do is to carefully review the data breach letter to determine whether your information was leaked and, if so, what data was compromised.
Hackers try to use stolen information quickly to avoid giving victims time to close their accounts or otherwise make it harder to commit fraud. However, hackers might need to obtain additional information before having enough data to commit fraud against a victim. In these situations, it may not be until weeks or months after a breach that hackers can use the stolen information. Often, by this point, consumers have let their guard down, and hackers can take advantage of that. Therefore, it is imperative that you not only immediately check up on your accounts but also that you frequently check on them for the months after the breach.
Credit monitoring is a fee-based service offered by many different companies. Credit monitoring alerts you to suspicious activity on your credit profile, such as if there are an abnormal amount of inquiries. Usually, credit monitoring costs between $20 to $40 per month. However, companies will often offer victims of a data breach free credit monitoring for a period of time—usually between one to two years. Indeed, UPPCO is offering this service at no cost to victims for either 12 or 24 months. Signing up for credit monitoring is free and provides you with an easy way to keep an eye on your credit profile. Also, taking a company up on its offer of free credit monitoring doesn’t affect your right to bring a data breach lawsuit against the company if it was negligent in maintaining your information.
Fraud alerts and credit freezes are free services offered by the three major credit bureaus. A fraud alert puts companies that pull your credit on notice that there is reason to believe that an unauthorized party may be attempting to use your information. A credit freeze offers additional protection by preventing any company from pulling your credit without your advance approval. The Identity Theft Resource Center has repeatedly explained that placing a credit freeze on your credit account is the single best way to prevent fraud after a data breach.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the UPPCO data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the initial data breach letter issued by Upper Peninsula Power Company (the actual notice sent to consumers can be found here):
Dear [Redacted],
Upper Peninsula Power Company (“UPPCO”) writes to notify you of a recent event that may have involved some of your information as described below.
UPPCO takes the privacy of information in its care seriously. At this time, there is no evidence to suggest that any of your information was actually viewed or misused. In an abundance of caution, we are providing you information about the event, our response, and steps you can take to help protect your information if you feel it is necessary to do so.
What Happened:
On or around June 23, 2022, UPPCO experienced a network intrusion that affected a limited number of systems. Upon discovery, UPPCO immediately secured its network and engaged a third-party forensic firm to investigate the event. After a thorough investigation, UPPCO discovered that a limited amount of information may have been accessed by an unauthorized party in connection with this event. UPPCO has taken steps to address the event and remains committed to protecting information in our care.
At this time, there is no evidence that your information has been viewed, disclosed, or misused. UPPCO is providing this notification to you in an abundance of caution so that you may take steps to safeguard your information if you feel it is necessary to do so.
What Information Was Involved:
The information that may have been accessed includes your first and last name, in combination with your Social Security number.
What We Are Doing:
UPPCO has taken steps to address the incident and is committed to protecting information in its care. Upon learning of this incident, UPPCO immediately took steps to secure its systems and to enhance the security of its network.
It is important to note, as mentioned above, that there is no evidence to suggest that any information has been misused. However, in an abundance of caution, we are providing you access to [Redacted] months of complimentary credit monitoring and identity protection services through IDX. Instructions about how to enroll in these services and additional resources available to you are included in the enclosed Steps You Can Take to Help Protect Your Information.
What You Can Do:
In addition to enrolling in the complimentary credit monitoring and identity protection services, UPPCO recommends that you remain vigilant and regularly review and monitor your account statements and credit history to guard against any unauthorized transactions or activity. If you discover any suspicious or unusual activity on any of your accounts, please change your password promptly, take additional steps necessary to protect your account and notify your financial institution or company, if applicable. Additionally, please report any suspicious events to local law enforcement and/or your state Attorney General. Please review the additional information below, which contains more information about the steps you can take to help protect yourself against fraud and identity theft.
For More Information:
Should you have questions or concerns regarding this matter, please do not hesitate to call us at 1-833-896-7336 or email us at [Redacted].
UPPCO takes the security of information entrusted to our care very seriously. While it is regrettable this potential exposure occurred, please be assured UPPCO is taking appropriate actions to rectify the situation and prevent such incidents in the future.
