Utility provider Duke Energy reports cyberattack, data breach

Utility provider Duke Energy, is reporting a cybersecurity incident that impacted on their website (duke-energy.com) in May 2024. Unauthorized parties were able to access customer information through their public website by combining externally obtained personal information with data available through their systems.

Duke Energy claims that while utility account information through the My Account or Business Experience portals were compromised, there is no indication that passwords, financial data, or access to online profiles were exposed.

The company has not disclosed the nature of the attack, the total number of affected customers or provided details about what customer information was exposed.

Update - as of 22nd December 2024, the breach is said to include some personal data of many of Duke’s over 8M customers.

The company is reaching out to affected customers through both email and postal mail to ensure all impacted individuals are informed. They are also offering 12 months of free credit monitoring through Experian to affected customers.