CPS Energy reports third party data breach

CPS Energy, a city-owned utility serving San Antonio and adjoining Texas counties, is reporting a data breach that occurred in 2023 through their third-party vendor, CLEAResult. The incident was part of a larger "vulnerability exploit" involving MOVEit, a file sharing program used by CLEAResult.

CPS Energy claims that the compromised data did not include Social Security numbers, financial information, or any identifying information of its customers. 

The number of affected individuals and the typs of exposed data has not been disclosed.

CPS Energy states they have implemented several measures to enhance their cybersecurity. The utility is launching a comprehensive technology overhaul including infrastructure updates, partnering with Oracle for a 10-year software system upgrade, and has approved a $150 million budget increase for IT support.