Important information regarding potential data exposure
Select customer details may have been acquired
In May 2024, a third party may have obtained certain customer information from our public website. Duke Energy takes the security of your information seriously and we employed prompt actions to help further protect customer accounts. However, it is also important to us that you are well informed of the details associated with this matter.
Key Points to Know
- We’ve conducted extensive analysis of the circumstances that enabled the outside party to garner customer information.
- There is no indication that passwords, financial data, or entry to online profiles through My Account or through our Business Experience portals were exposed.
- Our cybersecurity team collects millions of data points daily and distills information that poses potential threats into actionable alerts which prompt us to continually strengthen our systems.
- Since the occurrence, several advanced modifications have been implemented to the public website to help ensure added security for our customers.
Please review the Frequently Asked Questions below for details.
Frequently Asked Questions
How did the unauthorized party retrieve the information?
We believe that the party may have used certain elements of personal information, acquired externally or through other means, to obtain additional information about certain customers’ accounts via our public website.
What type of customer information was potentially retrieved or exposed?
No passwords for our residential or business experience portals were exposed or compromised in connection with this issue. Some of the data that may have been obtained by the unauthorized third party could include account details such as utility account number, date of birth, email address, name, property and/or mailing address, meter number, phone number, last four digits of Social Security numbers for residential customers, and the last four digits of federal tax IDs for businesses.How did Duke Energy respond to the issue?
We launched an investigation with the support of cybersecurity specialists to understand the nature and scope of the issue and consulted with law enforcement on the matter. We also took actions to assist with mitigating the issue and implemented measures to help protect our customer accounts and our systems.What is Duke Energy doing to protect customers’ information?
In response to this issue, our teams took steps to help further protect customer accounts by implementing additional data encryption, monitoring and control measures along with modifications to our website. We will continue to evaluate and implement other measures to help protect the security of our IT infrastructure and systems.Are there specific actions I should take?
It is always a good practice to monitor your accounts for unusual actions and remain alert for any unexpected requests or activity. Always be mindful of phishing attempts such as emails or text messages from unidentified senders that include links, attachments or any asks for personal information.
As a courtesy, we are offering 12 months of free credit monitoring and other supplemental features to eligible customers through Experian. For more information regarding the services available or to address additional questions you may have, please visit ExperianIDworks.com/plus or contact the Experian customer care team at 866.566.3598.