Colorado Springs Utilities says some customers’ personal information was stolen

By Abigail Beckman
· Jul. 14, 2022, 1:44 pm
210729-CMOTR-COLORADO-SPRINGS-DRAKE210729-CMOTR-COLORADO-SPRINGS-DRAKEHart Van Denburg/CPR News
The Martin Drake Power Plant in Colorado Springs.

Approximately 200,000 Colorado Springs Utilities (CSU) customers may have had personal information stolen last month. 

The utility said the data disclosure did not include sensitive information like social security or credit card numbers. Names, physical addresses and possibly phone numbers and email addresses were likely accessed, though. 

CSU learned of the issue on July 6, although the unauthorized access happened on June 15. A third-party subcontractor was storing the customer data. That company said it's already implemented system enhancements to protect data, according to CSU.

Cyberattack exposes data of 30,000 people connected with CU Boulder

CSU said it chose to proactively notify customers of the disclosure "in the interest of transparency."

The company issued the following statement regarding the measures CSU takes to keep customer information safe:

"We have a robust cyber security policy and security best practices in place to help prevent data loss and/or unauthorized access. We do not disclose information about you, except as necessary, to perform our utility business operations, sometimes with the help of vendors or business partners, or as permitted by law. To learn more, our privacy disclosure is available on our website."

Colorado Springs Utilities said it will never call or email customers asking for information like credit card numbers, payment or social security numbers. Anyone who receives such communication is asked to not respond, but instead call the utility's Customer Service Center at (719) 448-4800.

The utility is sending a letter out to everyone impacted by the disclosure. 

Listen: Fighting cyber warfare tied to Russian invasion of Ukraine

CSU said the incident is not a "data breach" because a limited amount of information was accessed.

According to the utility's website, "a data breach is the loss of sensitive, proprietary, or confidential information and is typically an event that requires notification according to statute.  Due to the limited information that was accessed, this is not defined as a 'data breach.'  
More information can be found here.

You care!

Southern Colorado is changing a lot these days. We can help you keep up. Sign up for the KRCC Weekly Digest here and get the stories that matter to Southern Colorado, delivered straight to your inbox.

Latest Stories