Eversource Energy Discloses Data Breach Affecting Over 3,000 Customers
Eversource Energy, a Fortune 500 utility provider serving customers in Connecticut, Massachusetts, and New Hampshire, recently reported a data breach impacting 3,049 individuals in the U.S. The incident was disclosed to the Maine Attorney General on May 21, 2026, with affected consumers notified via written letters beginning May 27, 2026.
The breach originated from a phishing campaign in April 2026, during which cybercriminals obtained compromised credentials. Using these, attackers accessed a limited set of files containing sensitive personal data. Exposed information varied by individual but potentially included names, addresses, account details, phone numbers, email addresses, Social Security numbers, driver’s license numbers, federal ID numbers, and financial account numbers.
In response, Eversource Energy is offering 24 months of complimentary identity protection services through IDX, available to affected individuals until August 27, 2026. Enrollment can be completed online or by phone during specified business hours.
Source: https://www.claimdepot.com/data-breach/eversource-energy-2026
Eversource Energy cybersecurity rating report: https://www.rankiteo.com/company/eversourceenergy
"id": "EVE1779474403",
"linkid": "eversourceenergy",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '3049',
'industry': 'Energy/Utilities',
'location': 'Connecticut, Massachusetts, New '
'Hampshire, USA',
'name': 'Eversource Energy',
'size': 'Fortune 500',
'type': 'Utility Provider'}],
'attack_vector': 'Phishing',
'customer_advisories': '24 months of complimentary identity protection '
'services through IDX (enrollment available until '
'August 27, 2026)',
'data_breach': {'number_of_records_exposed': '3049',
'personally_identifiable_information': 'Names, addresses, '
'Social Security '
'numbers, driver’s '
'license numbers, '
'federal ID numbers, '
'phone numbers, email '
'addresses, financial '
'account numbers',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal Identifiable '
'Information (PII), Financial '
'Information'},
'date_detected': '2026-04',
'date_publicly_disclosed': '2026-05-21',
'description': 'Eversource Energy disclosed a data breach affecting over '
'3,000 customers due to a phishing campaign that compromised '
'credentials, leading to unauthorized access to sensitive '
'personal data.',
'impact': {'data_compromised': 'Names, addresses, account details, phone '
'numbers, email addresses, Social Security '
'numbers, driver’s license numbers, federal ID '
'numbers, financial account numbers',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'initial_access_broker': {'entry_point': 'Phishing campaign'},
'references': [{'source': 'Maine Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Attorney '
'General'},
'response': {'communication_strategy': 'Written letters to affected consumers',
'third_party_assistance': 'IDX (identity protection services)'},
'title': 'Eversource Energy Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Compromised credentials'}