News
Eversource Energy data breach: names and Social Security numbers compromised
BlogBreachesResourcesNews
Eversource Energy data breach: names and Social Security numbers compromised

Eversource Energy data breach: names and Social Security numbers compromised

UpGuard Team
UpGuard Team
May 22, 2026

Key facts: Eversource Energy data breach

  • Date occurred: April 14, 2026
  • Date discovered: April 27, 2026
  • Date reported: May 21, 2026
  • Target entity: Eversource Energy
  • Source of breach: Phishing campaign compromising employee credentials
  • Data types: Names, addresses, account information, phone numbers, email addresses, social security numbers, driver's license numbers, federal identification numbers, financial account information
  • Status: Confirmed; reported on May 21, 2026.
  • Severity: High; exposure of sensitive PII including Social Security and driver's license numbers creates a high risk of identity theft.

What happened in the Eversource Energy data breach?

Eversource Energy (eversource.com) disclosed a high-severity data breach on May 21, 2026. The incident, which originated from a phishing campaign, compromised the credentials of two employees. This unauthorized access allowed a third party to view files containing sensitive customer information. The breach affected a total of 3,049 individuals.

According to the report, the breach occurred on April 14, 2026, and was discovered by the company on April 27, 2026. The compromised data included names, Social Security numbers, driver's license numbers, and financial account information. The high severity reflects the sensitive nature of the records, which could facilitate identity theft or financial fraud. While the investigation is concluded, affected individuals should remain vigilant against potential misuse of their data.

Who is behind the incident?

The attacker or cause of the incident has not been identified.

Impact and risks for Eversource Energy customers

For the 3,049 affected customers, the exposure of Social Security numbers and financial account information presents significant risks. Unauthorized parties could potentially use this data for identity theft, opening fraudulent accounts, or conducting targeted phishing attacks using the stolen contact details. This level of exposure requires immediate attention to prevent financial loss.

Such incidents typically lead to long-term monitoring requirements for victims. Affected individuals are encouraged to freeze their credit, monitor bank statements closely, and implement multi-factor authentication on all sensitive accounts. Proactive transparency from companies like Eversource Energy is essential for mitigating these risks effectively.

How to protect against similar security incidents

Following the breach at Eversource Energy involving sensitive personal information like Social Security numbers, affected individuals and organizations should take immediate steps to secure their data.

  • Implement credit freezes and monitoring. Contact major credit bureaus to place a freeze on your credit report to prevent unauthorized accounts. Monitor your financial statements and credit reports for any suspicious activity or unrecognized charges.
  • Enhance account security with MFA. Enable phishing-resistant multi-factor authentication (MFA) on all financial and personal accounts. Use a hardware security key or an authenticator app rather than SMS-based codes where possible.
  • Protect against social engineering. Be wary of unsolicited emails or phone calls asking for personal information, even if they appear to come from Eversource Energy. Verify the identity of any requester through official, known-good communication channels.
  • Deploy attack surface management. Organizations should implement continuous monitoring to identify and remediate vulnerabilities that could be exploited by phishing. Conduct regular security awareness training to help employees recognize and report sophisticated phishing attempts.

Taking these steps can significantly reduce the risk of identity theft following a data exposure of this nature.

Frequently asked questions

What happened in the Eversource Energy security breach?

On May 21, 2026, Eversource Energy (eversource.com) disclosed a security breach. According to initial reports, a phishing campaign compromised the credentials of two employees, allowing unauthorized access to files containing the personal information of 3,049 individuals.

When did the Eversource Energy breach occur?

The Eversource Energy breach was publicly reported on May 21, 2026. The actual incident occurred on April 14, 2026, and was discovered by the organization on April 27, 2026.

What data was exposed?

The types of data involved in the Eversource Energy incident included names, addresses, account information, phone numbers, email addresses, social security numbers, driver's license numbers, federal identification numbers, and financial account information.

Is my personal information at risk?

If you interacted with Eversource Energy, there's a possibility your personal information could be affected. This incident involved highly sensitive data such as Social Security and driver's license numbers. Stay alert for updates and take precautionary measures to secure your accounts and monitor your credit.

What steps should companies take after being breached?

Eversource Energy has taken steps to secure its systems and plans to notify affected individuals starting May 27, 2026. Companies in this situation typically review security protocols, provide guidance on protective actions like credit monitoring, and deploy attack surface management to prevent future credential compromise.

This cybersecurity news article is powered by UpGuard Breach Risk — continuous attack surface monitoring for your organisation and supply chain.

How secure is Eversource Energy?

Eversource Energy is a utility company that delivers electricity, natural gas, and water services to residential and commercial customers in Connecticut, Massachusetts, and New Hampshire. The company provides bill assistance programs, outage management, and energy efficiency services.
  • Check icon
    View our free preliminary report on Eversource Energy’s security posture
  • Check icon
    13 risk factors, including email security, SSL, DNS health, open ports and common vulnerabilities
View Eversource Energy's score
View score
https://www.eversource.com
Security ratings
Deliver icon

Sign up for our newsletter

UpGuard's monthly newsletter cuts through the noise and brings you what matters most: our breaking research, in-depth analysis of emerging threats, and actionable strategic insights.

Latest news

Stay up-to-date with the latest news in cybersecurity.
Barnhart data breach: what happened and what's at risk

Barnhart data breach: what happened and what's at risk

A data breach involving Barnhart was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 21, 2026
Station Casinos data breach: what happened and what's at risk

Station Casinos data breach: what happened and what's at risk

A data breach involving Station Casinos was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 21, 2026
Radiology Associates of Richmond data breach: key facts and what we know so far

Radiology Associates of Richmond data breach: key facts and what we know so far

A data breach involving rarichmond.com was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 21, 2026
PartsWarehouse.com data breach exposes customer payment card details

PartsWarehouse.com data breach exposes customer payment card details

A data breach involving PartsWarehouse.com was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 20, 2026
Cardinal Services data breach: what happened and what's at risk

Cardinal Services data breach: what happened and what's at risk

A data breach involving Cardinal Services was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 20, 2026
Pease Mountain Law data breach exposes names and Social Security numbers

Pease Mountain Law data breach exposes names and Social Security numbers

A data breach involving Pease Mountain Law was reported in May 2026. See incident details, impact on customers, and recommended security measures.
UpGuard Team
UpGuard Team
May 20, 2026
View all news
UpGuard customer support teamUpGuard customer support teamUpGuard customer support team

Protect your organization

Get in touch or book a free demo.
Contact sales
Free demo
Free instant security score

How secure is your organization?

Request a free cybersecurity report to discover key risks on your website, email, network, and brand.
  • Check icon
    Instant insights you can act on immediately
  • Check icon
    Hundreds of risk factors including email security, SSL, DNS health, open ports and common vulnerabilities
Free score
Website Security scan resultsWebsite Security scan rating