No rate increase predicted due to cyber attack on DMEA


Delta-Montrose Electric Association officials say they are confident a “malicious” cyber attack on the cooperative’s internal network in November did not compromise customers’ personal data — nor should the expenses associated with repairing the damage affect rates.

Also, citing the need not to compromise the ongoing investigation, they for now remain mum on the exact nature of the cyber attack, including whether DMEA paid the hackers a ransom.

“There was no (customer database) breach,” CEO Alyssa Clemsen Roberts said Wednesday, shortly after releasing a letter to DMEA members and the online publication of an updates page (https://tinyurl.com/DMEAupdate).

“No member-sensitive information, nothing that is considered personal identifiable information (as defined by Colorado law). The investigation is ongoing, but I am highly confident the member data are secure.”

Clemsen Roberts said the member data were already encrypted and do not appear to have been accessed.

“We have those logs. I am waiting on final confirmation from the forensic team. When we have that, we’ll share that. Right now, we are highly confident,” she said.

DMEA learned its internal network was compromised Nov. 7. The attack did not compromise internet service through its subsidiary, Elevate Fiber, or the actual power grid, Clemsen Roberts said.

The hack corrupted an estimated 90% of internal network function and a sizable chunk of data, and also affected DMEA’s phone system. Functionality remained limited Wednesday.

The attack affected operations such as DMEA’s online SmartHub and electronic bill-pay options and made it impossible for consumers to pay online, receive new bills, or access their accounts online.

As previously reported, DMEA will not be charging late fees or disconnecting power for nonpayment before the end of January. It hopes to be able to resume SmartHub and kiosk payments sometime next week. Members are to be notified when those services are available.

But the impact on internal systems and data “was extensive,” per DMEA, which lost much of its saved data. Full restoration is going to take time and, as a result, customers might receive back-to-back bills. Clemsen Roberts told the board of directors during its Tuesday meeting that about half of the membership will get two bills within two weeks of each other and others might receive three bills, two weeks apart.

All penalty and late fees have been suspended through the end of January, as previously reported.

DMEA said in its Wednesday update that it immediately started working with forensic and cybersecurity experts to assess the scope and impact. That team confirmed no breach of sensitive data.

When asked what specific steps DMEA is taking to strengthen its network, Clemsen Roberts said much of that information is sensitive, but that the cooperative is using outside security experts.

“This is their area of specialty. We are making any and all recommended changes to help us all through this,” she said.

“On top of that, the more you talk about what you have as security measures, the more of a target you put on your back. Right now, we are just doing what we are supposed to do.

“A portion of our internal network is gone. We were victims of an attack. We are very grateful it did not (compromise) member information.”

She and DMEA Board President Kyle Martinez declined to answer when directly asked if the co-op had paid a ransom to the hackers, but also said they did not want to compromise the investigation in a way that would make it harder to identify the culprits.

“Whenever you go through a process like this and bring in experts in legal and IT departments … they have recommendations. We follow their recommendations,” Martinez said.

“We’re working in a way to rebuild in a manner that is safe and so that we can get up and going again. Our focus is to make sure we’re taking care of our members, doing what is right and getting our operations back to 100 percent.”

Costs associated with the attack include the expense of bringing in experts to work on the problems and possible overtime salary costs, Martinez said.

DMEA had already budgeted to work on network security next year and moved those plans up, Martinez also said. The board in a special meeting last month authorized Clemsen Roberts to proceed, he said.

A rate increase associated with the hack is not expected. Clemsen Roberts in her letter to members said DMEA benefited from a significant drop in wholesale power supply costs when it switched to supplier Guzman Energy and this was a major factor in holding the rates steady for 2022.

“We appreciate the support and patience,” Clemsen Roberts said. “Obviously, this is not a great time of year for this and I’m sorry for any worry this has caused. That was never our intention. We’re looking forward to a brighter 2022 for sure.”

Earlier this year, a cyber attack on Colonial Pipeline’s system hampered its ability to deliver fuel on the East Coast. Colonial paid $5 million to release its system, CNBC reported.

The ransomware attack prompted concerns that critical utilities like power grids could also fall victim to savvy criminals.

“I think it is the worry that we (industry-wide) have all the time,” Clemsen Roberts said. She said the internal network that was hacked into at DMEA is kept separate from the grid’s network. “We have different security protocols,” she said.

“These were very sophisticated people,” DMEA Board Director Bill Patterson said. “ … These hackers, all they want is money.”

Martinez thanked DMEA employees as well as the community for being patient.

“We are getting information out as much as we can, when we can, and working as fast as we can to getting things back for the members,” he said.

Katharhynn Heidelberg is the Montrose Daily Press assistant editor and senior writer. Follow her on Twitter, @kathMDP.
