Burlington Hydro, a utility provider in Ontario, Canada, has informed its customers about a potential data breach involving a third-party vendor. The breach, which was discovered on January 22, 2025, could have exposed personal information of all current customers. However, the utility emphasized that no financial data was involved in the breach, as the affected system did not store such sensitive information. While the likelihood of further exposure is considered low, Burlington Hydro recommended that customers monitor their accounts for unusual activity and change passwords regularly as a precaution.
The breach was reported to the Office of the Information and Privacy Commissioner of Ontario (IPC) on January 27, 2025, and the agency is investigating the incident.
The third-party vendor, whose identity remains confidential, is responsible for the cybersecurity issue, and the utility quickly took steps to secure the affected system and prevent further unauthorized access. Burlington Hydro confirmed that there is no ongoing unauthorized access to any data and assured customers that the situation was swiftly contained.
Burlington Hydro further explained that third-party vendors, such as those providing tree trimming services, are contracted to handle specialized tasks that the company cannot efficiently manage in-house. As part of its response to the breach, Burlington Hydro reviewed all internal systems and began contacting other third-party vendors to ensure their cybersecurity protocols were up to standard. The utility is actively working to strengthen its security measures to mitigate future risks of exposure.
The IPC, which is currently investigating the breach, has not provided specific details or a timeline for completing its review. However, the agency confirmed that affected individuals could file complaints, though this is not necessary as the incident is already under investigation. In the meantime, Burlington Hydro has committed to ongoing monitoring and review of its systems to ensure the protection of customer data in the future.
Reference:
