Eversource Energy recently disclosed a data breach affecting approximately 3,049 individuals across the United States after attackers gained access to company systems through a phishing campaign.
According to the company, the cybersecurity incident occurred in April 2026 and involved cybercriminals using compromised employee credentials to access a limited number of files within Eversource Energy’s systems.
The exposed information reportedly varied by individual but may have included Social Security numbers, financial account information, addresses, and government-issued identification information.
Because the breach involved sensitive personal and financial information, affected individuals may face increased risks of identity theft, fraud, phishing attacks, and unauthorized financial activity.
What Happened in the Eversource Energy Data Breach?
Eversource Energy stated that the company became the target of a phishing campaign during April 2026.
According to the notification, cybercriminals obtained compromised credentials that allowed unauthorized access to a limited number of files within the company’s systems.
The company later disclosed the incident to the Maine Attorney General on May 21, 2026, and stated that affected consumers would begin receiving written notification letters on May 27, 2026.
The breach reportedly impacted approximately 3,049 individuals nationwide.
What Information Was Potentially Exposed?
The information potentially exposed in the Eversource Energy data breach may include:
- Full names
- Mailing addresses
- Utility service addresses
- Account information
- Phone numbers
- Email addresses
- Social Security numbers
- Driver’s license numbers
- Federal identification numbers
- Financial account numbers
The exact information exposed may vary depending on the affected individual.
Because Social Security numbers and financial account information were potentially compromised, affected individuals may face elevated risks of financial fraud, identity theft, and phishing scams.
Who Is Affected by the Eversource Energy Data Breach?
The breach reportedly affected approximately 3,049 individuals across the United States.
Individuals who received a notification letter from Eversource Energy should carefully review the notice to determine what specific information may have been impacted.
About Eversource Energy
Eversource Energy is a Fortune 500 utility company that delivers electricity, natural gas, and water services to customers throughout Connecticut, Massachusetts, and New Hampshire.
As a major utility provider, the company maintains sensitive customer and account information within its systems, making cybersecurity protections critically important.
How Did Eversource Energy Respond?
Following discovery of the incident, Eversource Energy reportedly launched an investigation into the phishing attack and took steps to address the unauthorized access.
The company is also offering affected individuals 24 months of complimentary identity protection services through IDX.
According to the notification, these services reportedly include:
- Identity protection monitoring
- Credit monitoring assistance
- Fraud recovery support
Affected individuals can reportedly enroll online or by phone before the stated enrollment deadline.
What Should Affected Individuals Do?
Individuals affected by the Eversource Energy data breach should consider taking proactive measures to help protect their personal and financial information.
Monitor Credit Reports and Financial Accounts
Affected individuals should closely review bank statements, financial accounts, and credit reports for suspicious activity or unauthorized transactions.
Consumers can request free credit reports through:
- AnnualCreditReport.com
Consider a Fraud Alert or Credit Freeze
Because sensitive personal information may have been exposed, individuals may want to place a fraud alert or security freeze with the major credit bureaus.
Major credit reporting agencies include:
- Equifax
- Experian
- TransUnion
Remain Alert for Phishing Attempts
Cybercriminals often use stolen personal information to conduct phishing attacks through fraudulent emails, phone calls, and text messages.
Affected individuals should remain cautious when responding to unsolicited communications referencing Eversource Energy or the data breach.
Change Passwords and Secure Accounts
Because the incident involved compromised credentials, affected individuals should consider updating passwords associated with online accounts and enabling multi-factor authentication where available.
Why Phishing Attacks Are Dangerous
Phishing attacks remain one of the most common causes of corporate cybersecurity incidents. Attackers frequently use deceptive emails or fake login pages to steal employee credentials and gain access to internal systems.
Once credentials are compromised, attackers may access sensitive customer data, financial records, and other confidential information.
Organizations operating within critical infrastructure sectors such as energy and utilities are particularly attractive targets because they maintain large volumes of sensitive customer information.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.
Frequently Asked Questions
What happened in the Eversource Energy data breach?
Eversource Energy disclosed a cybersecurity incident involving a phishing attack that allowed attackers to access certain company files using compromised credentials.
What information was exposed in the Eversource breach?
The potentially exposed information may include names, addresses, account information, Social Security numbers, driver’s license numbers, and financial account information.
How many people were affected by the breach?
Approximately 3,049 individuals across the United States were reportedly affected by the incident.
When did Eversource Energy discover the incident?
According to the company, the phishing-related cybersecurity incident occurred during April 2026.
Is Eversource Energy offering identity protection services?
Yes. Eversource Energy is reportedly offering affected individuals 24 months of complimentary identity protection services through IDX.
What should affected individuals do after the breach?
Affected individuals should monitor financial accounts, review credit reports, consider placing fraud alerts or credit freezes, and remain alert for phishing attempts.
What happened in the Eversource Energy data breach?
Eversource Energy disclosed a cybersecurity incident involving a phishing attack that allowed attackers to access certain company files using compromised credentials.
What information was exposed in the Eversource breach?
The potentially exposed information may include names, addresses, account information, Social Security numbers, driver’s license numbers, and financial account information.
How many people were affected by the breach?
Approximately 3,049 individuals across the United States were reportedly affected by the incident.
When did Eversource Energy discover the incident?
According to the company, the phishing-related cybersecurity incident occurred during April 2026.
Is Eversource Energy offering identity protection services?
Yes. Eversource Energy is reportedly offering affected individuals 24 months of complimentary identity protection services through IDX.
What should affected individuals do after the breach?
Affected individuals should monitor financial accounts, review credit reports, consider placing fraud alerts or credit freezes, and remain alert for phishing attempts.
