A phishing attack against Eversource Energy employees resulted in unauthorized access to personal information of approximately 3,049 customers across Connecticut, Massachusetts, and New Hampshire. The attack compromised employee credentials, enabling adversaries to access customer PII through legitimate internal systems. This item is relevant to energy sector peer organizations and any organization sharing data with Eversource, primarily as a social engineering threat intelligence signal and a prompt for reviewing phishing resilience and MFA coverage on systems holding customer PII.