People’s Energy Data Breach Impacts 270,000 Customers

Edinburgh-based electricity supplier People’s Energy has admitted it has suffered a major data breach that has compromised customer data.

The firm touts itself as an affordable and ethical energy provider “that puts people and planet first”. But unfortunately that doesn’t seem to have stopped its entire customer database being stolen by hackers.

The firm made the admission in a blog post on Thursday, in which it discussed the cyber security data breach.

People’s Energy

The breach reportedly happened on Wednesday 16 December, and the firm admitted that while no financial information for its domestic members was compromised, some of its members’ other personal information was accessed.

“On Wednesday 16 December, we discovered that an unauthorised third party had gained access to one of the systems we use to store some of our members’ data,” said the firm. “As soon as we became aware of what was happening, we acted immediately to close down the route being used to get into our system, and to stop access to any further information.”

“We’ve informed the Information Commissioner’s Office and the energy industry regulator, Ofgem,” it added. “We’re following their guidance, and are keeping them updated on the situation.”

The firm confirmed to the BBC that its entire customer database has been stolen, and one of the co-founders said she was upset and sorry, and the breach was a big blow in every way.

So what customer data has been compromised?

Well unfortunately it seems like quite a bit, including names, addresses, phone numbers, email addresses, dates of birth, People’s Energy account numbers, tariff details, and gas and electricity meter identification numbers.

Online account passwords were apparently not compromised, and neither was customer financial data.

The firm said it was doing everything it can to notify affected customers.

Significant impact

One security expert warned a breach of this scale can have a significant impact on a business.

“This year has seen a rise in cybercriminal activity, and People’s Energy is the latest business to fall victim to an attack,” said Tony Pepper, CEO of security service specialist Egress Software Technologies.

“Data breaches of this scale can have a significant impact on a business, leading to loss of customer trust but also the potential for expensive private litigation, which we’ve seen in the recent British Airways case,” Pepper added. “Organisations have a duty of care to ensure that sensitive data remains secure, and they must be proactive in putting in place the right technology and security strategy to protect their customers’ data.”

“Unfortunately, the amount of personal data that was taken could leave People’s Energy customers vulnerable to phishing attacks in the future,” Pepper warned. “Consumers should remain vigilant to follow-up phishing attacks by checking the email address on any emails they receive, and hovering over any links before they click. Our advice would always be: if you receive an email asking for sensitive personal data or financial details, always ensure that you’re 100% sure it’s legitimate before you proceed.”

Culture change

Another security expert noted that companies now have to give their cyber security the same consideration as they would their alarm and fire suppression systems.

“There must be a fundamental change in mindset regarding information security for all organisations,” said Chris Clements, VP of solutions architecture at Cerberus Sentinel.

“Risks from cyber-attack need to be taken with the same seriousness as risks from fire or flooding,” said Clements. “The reality is that most security compromises are simple attacks of opportunity and every organisation is a viable target for cyber criminals.”

“The same way organisations invest in fire suppression and alarm systems they also must consider cyber security protection and monitoring as part of the cost of doing business,” Clements concluded. “It’s critical that this start with adopting a culture of security from executive management to individual line of business contributors.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
