On November 23, 2022, Upper Peninsula Power Company (“UPPCO”) reported a data breach with the Maine Attorney General’s office after the company learned that an unauthorized party was able to access sensitive consumer information by gaining access to its computer network. According to UPPCO, the breach resulted in the first and last names and Social Security numbers being compromised. Recently, UPPCO sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.

If you received a data breach notification from Upper Peninsula Power Company, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Upper Peninsula Power Company data breach, please see our recent piece on the topic here.

What We Know About the Upper Peninsula Power Company Data Breach

The available information regarding the Upper Peninsula Power Company breach comes from the company’s filing with the Maine Attorney General’s “Data Breach Notifications” web page. According to this source, on around June 23, 2022, UPPCO detected a possible data security event as a result of an unauthorized party breaching the company’s computer network. In response, the company took steps to secure its network and then began working with a third-party cybersecurity firm to investigate the incident and determine what, if any, consumer information was leaked as a result.

The UPPCO investigation confirmed that an unauthorized party was able to access certain files stored on the company’s computer system. Further, the investigation revealed that some of the files contained confidential information belonging to some of the company’s customers.

Upon discovering that sensitive consumer data was made available to an unauthorized party, Upper Peninsula Power Company began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your first and last name and Social Security number.

On November 23, 2022, Upper Peninsula Power Company sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. Based on the data breach report posted on the Maine Attorney General’s website, the UPPCO data breach affected 39,400 individuals.

Founded in 1884 under the name Peninsula Electric Light and Power Company, Upper Peninsula Power Company is a power company based in Ishpeming, Michigan. The company provides energy to approximately 54,000 customers in 10 counties in Michigan's Upper Peninsula. UPPCO owns seven hydroelectric renewable energy generation facilities and two combustion turbines, generating approximately 80 megawatts. Upper Peninsula Power Company employs more than 155 people and generates approximately $41 million in annual revenue.