39 Thousand Individuals’ Social Security Numbers Affected by Upper Peninsula Power Company
Table of Contents
- By Steven
- Published: Dec 13, 2022
- Last Updated: Mar 30, 2025
Power companies are an underrated target for hackers worldwide. To sign up for power services, you need to offer the company your name, social security number (SSN), address, and other forms of ID, among other things. These make them plentiful prey for criminals, especially because these places often have slightly fewer cybersecurity measures because they would never expect to be a prime target. Upper Peninsula Power Company (UPPCO) was a victim of one such breach, with the attackers managing to gain access to tens of thousands of social security numbers.
How Did the Attack Occur?
The attack occurred when an unauthorized third party accessed the company’s inner systems. UPPCO described it as a hack and “network intrusion,” saying, “On or around June 23, 2022, UPPCO experienced a network intrusion that affected a limited number of systems. Upon discovery, UPPCO immediately secured its network and engaged a third-party forensic firm to investigate the event. After a thorough investigation, UPPCO discovered that a limited amount of information may have been accessed by an unauthorized party in connection with this event.”
What Information Was Viewed or Stolen?
Surprisingly, the company got away with little information accessed. Having a criminal’s hands on your social security number is very bad, but it could have been much worse for everyone involved. “At this time, there is no evidence to suggest that any of your information was actually viewed or misused,” said the notice. The letters were sent out anyway, as per the law, because while there may be no evidence, it is still a massive risk to anyone involved.
How Did UPPCO Admit to the Breach?
The company admitted to the breach by notifying the victims; all 39,400. UPPCO also sent a notice to the Office of the Maine Attorney General containing a PDF copy of the notice. The PDF includes a full explanation of the breach and an offer of credit monitoring for the victims.
What Will Become of the Stolen Information?
Frequently, people aren’t aware of the full consequences of an unauthorized party gaining access to their social security number. Unfortunately, there are more things that a hacker can do than you’d typically think of. They can file fraudulent tax returns (which many people rely on), set up loans and utilities in your name, and even get a driver’s license in your name. They could also sell this information to other miscreants, earning them money and leaving your future in who knows how many hands.
What Should Affected Parties Do in the Aftermath of the Breach?
Every breach is different. However, the steps that can be and need to be taken will usually remain the same. Credit monitoring is always a good place to start, as the bureau you select will monitor your sensitive PII and alert you to any unauthorized usage. UPPCO is offering 12 months of free credit monitoring to all victims. You can also take steps independently, like monitoring your emails, mail, texts, and phone calls to ensure you aren’t being scammed.
