14 DAY TRIAL // The San Francisco Public Utilities Commission (SFPUC) has notified its customers that their personal information might have been exposed as a result of a recent security breach.
A commission spokesperson told CNET that the incident involved a server housing sensitive data getting infected with malware.
"The server was open (to the Internet) and had an encoded file on there with all of our customer data," the spokesperson said.
The possibly compromised information includes names, account numbers, home addresses, phone numbers, and e-mail addresses of some 180,000 SFPUC customers.
The file was not encrypted and the data was stored in plain text, although, in somewhat disorganized manner.
The SFPUC representative claims that, if indeed the file was copied, attackers might have a difficult time matching some pieces of information to specific customers.
The commission has been sending notification letters together with bills and via email, to those who had their email address on record.
"The San Francisco Public Utilities Commission (SFPUC) recently discovered that an unauthorized third party gained access to a SFPUC computer system.
"We want to assure our customers that the SFPUC does not possess or require Social Security numbers, and that no tax identification numbers and banking information were compromised.
"While we believe there is limited cause for concern, we want to use this opportunity to remind our customers to always be on alert for any suspicious e-mails or calls requesting personal or sensitive information," the agency wrote in its letter to customers.
The incident comes during a time of increased concern over how government agencies and companies store customer data. A series of breaches this year affected tens of millions of individuals.
Only the Sony PlayStation Network breach affected over 76 million people all over the world. Then in April, the Texas Comptroller announced that her office accidentally left a file with the personal information of 3.5 million people accessible on a public server.