London Hydro data breach exposes customer account information
Attackers used a customer account to exploit a system vulnerability at Canadian utility London Hydro, potentially accessing the names, contact details and account information of other customers.
- Victim
- London Hydro
On 20 June 2026, London Hydro β the electricity distribution utility serving roughly 170,000 residential, institutional, commercial and industrial customers in London, Ontario β disclosed a data breach that may have exposed personal and account information belonging to some of its customers. The company said it had first noticed suspicious activity on a customer account on 18 June 2026 and immediately began investigating.
According to the utility, the compromised account was used to exploit a vulnerability in its systems, which in turn allowed access to certain information about other customers. London Hydro said it is proactively reaching out to impacted customers and is working with local law enforcement, though it has not disclosed how many people were affected.
What was exposed
The information that may have been accessed includes customer contact details β names, addresses, email addresses and phone numbers β as well as account data such as account and billing numbers, service addresses, pricing plans, contract start dates, and meter numbers and types.
London Hydro stressed that the incident did not involve dates of birth, government-issued identification numbers, payment card details, banking information or other sensitive financial data.
Why it matters
The breach highlights how a single compromised customer-facing account, combined with an unpatched application flaw, can be leveraged to reach data belonging to a much wider population of users. For a critical-infrastructure operator such as an electricity distributor, even a breach limited to billing and contact information carries elevated stakes: the exposed details are exactly the kind of data that fuels convincing follow-on phishing and social-engineering campaigns against utility customers. Several outlets noted that key facts β including the number of customers affected and whether data was exfiltrated β remained unclear in the days after disclosure.
Timeline
London Hydro detects suspicious activity on a customer account and launches an investigation.
The utility publicly discloses the data breach and begins notifying potentially affected customers.
Sources
- securityweek.comhttps://www.securityweek.com/canadian-electricity-provider-london-hydro-discloses-data-breach/
- cbc.cahttps://www.cbc.ca/news/canada/london/london-hydro-investigating-data-breach-affecting-some-customer-accounts-9.7243545
- theregister.comhttps://www.theregister.com/security/2026/06/22/canadian-utility-fesses-up-to-data-breach-but-key-details-remain-off-grid/5259309
- londonhydro.comhttps://www.londonhydro.com/data