Eversource Energy Data Breach

Eversource Energy reported a cybersecurity incident in April 2026 after unauthorized actors gained access to employee accounts, potentially exposing sensitive customer information. The company is offering 24 months of complimentary identity protection services through IDX.

Eversource Energy’s Data Breach Investigation

Eversource Energy (“Eversource”) disclosed that it was the target of a phishing campaign that allowed cybercriminals to use credentials from two employee accounts to access a limited number of files. The unauthorized access occurred in April 2026. Eversource immediately blocked the activity, implemented additional security measures, and launched a full investigation with external cybersecurity experts to assess the impact and review the files involved.

The investigation revealed that some current and former customer data were contained in the accessed files. Information potentially involved varies by individual and may have included names, mailing and utility service addresses, account information, phone numbers, email addresses, Social Security numbers, driver’s license numbers, federal identification numbers, and financial account numbers.

Eversource emphasized that it is taking proactive steps to enhance its cybersecurity systems and prevent similar incidents in the future. Federal law enforcement has been notified, and the company is cooperating with investigative requests.

When Did This Breach Occur?

The phishing and unauthorized access incident occurred in April 2026, with the company discovering the incident and initiating response measures shortly thereafter. Notifications to affected individuals were sent on May 27, 2026.

What Information Was Breached?

The personal information potentially exposed includes:

• Name
• Mailing and utility service address
• Account information
• Phone number
• Email address
• Social Security number
• Driver’s license number
• Federal identification number
• Financial account numbers

The specific information affected varies by individual.

What You Can Do

Eversource is offering 24 months of identity protection services through IDX. This includes credit monitoring, CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services. Enrollment is free and requires the code included in your notification. The deadline to enroll is August 27, 2026.

Additional recommended steps:

1. Monitor credit reports and account statements regularly.
2. Place a fraud alert with one of the three major credit bureaus to help prevent new accounts from being opened in your name.
3. Consider placing a security freeze on credit files for added protection.
4. File a police report if you suspect identity theft.
5. For residents of specific states (e.g., Massachusetts, California, New York, Maryland), state agencies offer additional identity protection resources.

File a Data Breach Lawsuit Against Eversource Energy

If you received a notification from Eversource Energy, you may have legal rights related to the exposure of your personal information. Data breach lawsuits may allow affected individuals to seek compensation for identity theft risks, fraud-related expenses, out-of-pocket costs, time spent addressing the breach, and loss of privacy.

Companies that maintain personal information have a responsibility to implement reasonable cybersecurity safeguards. When unauthorized access occurs, affected individuals may hold the organization accountable.

Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.