Major Online Security Breach at SFPUC?

180,000 SFPUC customers may have had their data exposed due to a security breach. CNET has broken the news of a potentially major online security breach at the San Francisco Public Utilities Commission – the City of San Francisco’s water and power agency.

According to the breaking report the SFPUC recently became aware that a file holding names, account numbers and other personal information including phone numbers and addresses of customers was on a server that had been opened.

What SFPUC isn’t quite certain of is how viruses ended up on the server and if any customer information was stolen. An SFPUC spokesperson said that “it looked like someone had found an open port on the server and dumped a bunch of viruses on it.”

This breach is of somewhat grave concern, given the recent news of hackers at Sony and hackers stealing “personal Gmail passwords of hundreds of senior U.S. government officials.”

According to SFPUC, “there was no indication that any information was taken” and no Social Security numbers or bank information is even given to the SFPUC so there’s no risk there either. While this breach appears to be relatively minor compared to what it could have been, it must act as wake up call to City Hall to ensure that all cyber activity is as secure as possible.

This isn’t the first major breach of security in San Francisco city government. A few years ago a disgruntled employee locked the city out of it’s own computer system – and the passwords were only retrieved by the mayor who went on a daring jail visit to charm the employee out of the codes.

We will be following this story closely and bringing you updates.

Sign up for our weekly newsletter and join the conversation on Facebook.
Eric Jaye's picture

Not the first time

There have been other security/privacy issues from SFgov. 

A few years ago the Human Services Department – which is one of the very best run agencies in the whole city – lost track of some private documents.

http://www.ktvu.com/news/16961916/detail.html

Maybe time to look at privacy policy city wide?

Katie Short's picture

Really? San Francisco?

This news from CNET is worrisome.  Residents of San Francisco are asked to share personal information with the city for services, and in turn, the city is trusted to give due diligence to protecting that information. It is not a small oversight that an unsecured server was storing personal information.

Paid for by Phil Ting for Assembly 2012. FPPC ID# 1343137