Unnamed U.S. power company accused of leaving sensitive data exposed online for 70 days. North American Electric Reliability Corp., or NERC, filed a notice of penalty to the Federal Energy Regulatory Commission. NERC says the company failed to comply with the information protection portion of NERC’s CIP-003-3 standard for security controls. This would be the biggest-ever energy sector fine for violating information security regulations, according to E&E News. The penalty will become final 31 days after the notice was published.”]
Source: https://www.govinfosecurity.com/us-power-company-fined-27-million-over-data-exposure-a-10715