Blog Image
Profile Image Verifile
| Energy & Utilities
June 28 2018

Data Exposure by Vendor Leads to $2M NERC Penalty for Utility

A public filing by the North American Electric Reliability Corporation (NERC) on Feb. 28 reported that an unidentified electric utility agreed to pay a $2.7 million penalty to resolve violations of the Critical Infrastructure Protection (CIP) reliability standards related to the exposure of the sensitive data.

The violations of the case stemmed from improper data handling practices by the utility and its vendor, leading to the exposure of sensitive utility data on a public server. According to the Notice of Penalty, a third-party vendor improperly copied sensitive data from the utility 's network to its own network environment.