The complaint alleges that a cyberattack between June 26 and June 30, 2024, compromised the personal data of at least 26,000 CWG customers, including names, addresses, Social Security numbers, driver’s license numbers, financial information, medical information, and dates of birth. According to CWG’s notice to the Vermont attorney general, CWG became aware of the cybersecurity incident on June 30, 2024, and determined on or around December 9, 2024, that some of the affected information included personal data.