Nearly 375,000 Duke Energy Corp. customers may have had personal and banking information stolen in a data breach.
The country’s largest electric company said Tuesday the customers paid a bill by check or cash at 550 walk-in payment processing centers in the Carolinas, Florida, Indiana, Ohio and Kentucky since 2008.
Those payments were processed by TIO Networks, which was hacked in an attack disclosed after the company was purchased in July by PayPal Holdings Inc. Duke Energy customers make up nearly a quarter of the 1.6 million TIO Network customers potentially compromised.
“This TIO Networks issue has possibly and unfortunately affected some of our customers, and we are doing all we can to help,” Lesley Quick, Duke Energy’s vice president of revenue services said in a news release. “We have remained in daily contact with our vendor since they abruptly and unexpectedly disabled their network on Nov. 10 for suspected “security vulnerabilities.”
“We regret the frustration and inconvenience this issue has created for our customers who rely on our authorized walk-in locations to pay their monthly energy bills. We are doing all we can on behalf of our customers to ensure they receive timely information and action from TIO Networks.”
The personally identifiable information that may have been stolen from Duke Energy customers includes names, addresses, electricity account numbers and banking information if a customer paid power bills by check.
TIO Networks is sending letters to notify those affected.