LaFleur told the Senate Energy Committee on Thursday that employees are now "wiping and scrubbing all databases" and taking other steps to protect sensitive information.
The attack on PG&E's substation was a "game changer" in that it was much more sophisticated than others mounted on substations in the past, Lemler said. The utility, which provides power and gas to a wide swath of Northern and Central California, would not comment further on details pertaining to the investigation.
PG&E has said it plans to spend more than $100 million on security measures, including installing opaque walls and deploying advanced camera systems, enhanced lighting and additional alarms at the San Jose substation and an unspecified number of other critical sites. The company also has stationed guards at substations around the clock and improved its cybersecurity measures, Lemler said.
A California lawmaker, meanwhile, has introduced legislation that would require state utilities to beef up security.
The bill by state Sen. Jerry Hill, D-San Mateo, would require utilities to assess security risks and make needed improvements. The bill would also require utilities to better coordinate responses to security breaches with law enforcement.
Associated Press writer Matthew Daly in Washington contributed to this story.