A third-party vendor for PPL Electric Utilities said that a breach of its system in 2023 has exposed some PPL customers’ personal information, however financial and other sensitive information was not part of the breach.

In June 2023, a third-party vendor notified PPL Electric Utilities that the vendor was impacted by a widespread breach of the MOVEit file transfer software that the vendor and thousands of organizations use. The initial MOVEit vulnerability was patched in 2023, however, the information was shared on the dark web.

The actors then republished the data in December 2024.

PPL stated that data exposed in the breach did not include banking or credit card information, social security numbers or account passwords, as no such information is shared with this vendor. It did not extend beyond basic information, such as name, address, phone number, email address and utility account number.

“We believe the risks to customers are low,” PPL Electric said in a statement. “We take this matter very seriously. We urge our customers to stay vigilant and protect themselves against scams.”

If anything seems off about a situation, PPL urges customers to reach out. For more information and tips about utility scams, visit pplelectric.com/scams.