Cyber Incident Victim: Eversource Energy
Date:
Apr 2026
Location:
United States of America
Summary
Eversource Energy experienced a phishing and social engineering attack that compromised the credentials of two employees, allowing unauthorized access to limited company data. The breach exposed personal information of approximately 3,049 customers across Connecticut, Massachusetts and New Hampshire, potentially including names, addresses, account details, phone numbers, email addresses, Social Security numbers, driver’s license numbers and financial account information. The incident did not affect electric, gas or water service, nor did it involve customer information systems, critical operational systems or infrastructure. The utility notified state and federal regulators and law enforcement, and is providing affected customers with two years of complimentary credit monitoring and identity theft restoration services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In April, phishing and social engineering attacks compromised the credentials of two Eversource Energy employees, allowing malicious actors to access limited company data through those accounts. The company’s investigation determined that the unauthorized activity was promptly identified and blocked, after which additional security measures were implemented to strengthen its cybersecurity defenses. Eversource confirmed that the incident did not disrupt electric, gas, or water service and did not involve customer information systems, critical operational systems, or infrastructure. The breach was disclosed publicly in early June 2026 through news reports and statements from the utility.
The exposed data varied by customer but may have included names, mailing and service addresses, account information, phone numbers, email addresses, Social Security numbers, driver’s license numbers, and financial account information. Eversource reported that the breach affected 3,049 customers across Connecticut, Massachusetts, and New Hampshire, representing a small fraction of its more than 4.6 million customers in the three‑state service area. The company notified utility regulators in all three states, as well as state and federal law enforcement agencies, while declining to provide further specifics such as the exact number of affected customers in each state. Unauthorized access has been blocked, and the company stated that the incident did not impact service delivery or critical systems.
In response, Eversource is offering two years of complimentary credit monitoring and identity theft restoration services to the affected customers, who will receive direct notification with instructions on how to enroll. The utility emphasized that it takes cybersecurity and the protection of customer information seriously and will continue to remain vigilant, take appropriate measures against cyber threats, and further harden its systems. No additional details about the attackers’ identity, motives, or the specific vulnerability exploited were disclosed in the available sources.