Processing Your Payment

Please do not leave this page until complete. This can take a few moments.

April 29, 2025

State Consumer Counsel requests investigation into Avangrid security incident

PHOTO | CONTRIBUTED Avangrid

The state Office of Consumer Counsel (OCC) on Monday requested an investigation into a security incident that affected customers of two subsidiaries of Orange-based utility company Avangrid.

Earlier in April, the subsidiaries – Connecticut Natural Gas (CNG) and Southern Connecticut Gas (SCG) – issued an alert warning to customers to ignore unsolicited calls or emails seeking payment or disclosure of personal or financial information.   

On April 1, a third party gained illegal access to certain customers’ names and billing account information, including balances due, addresses and phone numbers, according to an alert issued by CNG and SCG the following day.

No customer banking information, account passwords, social security numbers or credit card information was accessed, the alert said.

CNG and SCG said they would contact customers whose data may have been obtained by unauthorized third parties, according to the alert.

OCC says that it has reached out to Avangrid for more information, but the company has refused to provide answers, including:

  • The specific information requested in the phishing email; 
  • The specific categories of customer information released; 
  • The precise number and categories of affected customers; 
  • The information Avangrid provided to customers regarding this sensitive information leak; 
  • Any complaints received from customers to date; 
  • If any internal protocols were violated in the current incident; and 
  • Any steps Avangrid is taking to avoid similar customer information leaks in the future.

OCC filed a petition on Monday asking the Public Utilities Regulatory Authority (PURA) to investigate. 

“OCC requested this information directly from Avangrid, but was refused …,” according to the letter from Consumer Counsel Claire Coleman. “As a result of Avangrid’s refusal, OCC must request an investigation docket in which it may obtain this information.”

Avangrid said in a response to the letter that the security incident did not trigger the statutory reporting requirements because it did not meet the definition of a security breach.

CNG and SCG said they have funded roughly $5 million in cybersecurity defense efforts this year to detect breaches and secure key systems.   

Avangrid said CNG and SCG’s security teams “moved swiftly and have launched a full and thorough investigation to determine the exact cause of the incident and have notified local authorities.”

On Monday, PURA opened a docket in response to the petition.

Sign up for Enews

0 Comments

Order a PDF