The Northwest Territories Power Corporation (NTPC) has sent letters to a majority of its customers notifying them of a ‘data security incident’ that took place last week.
On January 13, while responding to a customer enquiry, the wrong file containing the personal information of 6,000 customers was attached to an outgoing email.
In a statement issued Friday, NTPC said the file contained a list of customer names, meter addresses and account balances.
It did not include banking information, credit card numbers or telephone numbers.
“An employee inadvertently attached the wrong file to an email that was going out to a customer,” NTPC spokesperson Pam Coulter told Moose FM.
“The majority of NTPC customers [are affected], so around 6,000. Letters have been sent out to everyone affected.”
Emanuel DaRosa, president and CEO of NTPC added: “NTPC takes the security of its customers’ information seriously and sincerely apologizes and regrets that this situation has occurred.
“While NTPC may not be required to disclose this data security issue, we feel that we have a moral obligation to our customers to inform them when their information has been compromised.”
DaRosa says letters have already been sent to affected customers, and should arrive within the next 14 days.
The recipient of the email has been contacted by NTPC and has signed a confidentiality agreement. Coulter says NTPC is ‘very confident’ that the email and attachment were not opened and that both have been deleted.
Even still, the company is taking steps to ensure an incident like this doesn’t happen again.
“We’ve provided our customer service employees with standardized responses to customer requests and questions,” said Coulter.
“We’re also reviewing all of our security and privacy requirements with our staff and we’ve reinstated an updated confidentiality statement that goes on all our outgoing emails.”