Utility supplier People’s Energy has had its entire customer list stolen.
All 270,000 customers of People’s Energy, a renewable energy start-up, have had their details compromised in a major data breach incident that occurred last week, on 16th December 2020.
This data breach took place on 16th December 2020. It affects both current customers and former customers who have used People’s Energy as their supplier in the past.
The entire database had been stolen by hackers, founder Karin Sode told the BBC. This included information on previous customers. She said that the data breach was a “big blow in every way”. She added, that the company wanted its customers to feel they could trust them. “We’re upset and sorry,” she said.
The company said in a statement, “As soon as we became aware of what was happening, we acted immediately. We were able to close down the route being used to get into our systems. And to stop access to any further information, we’ve informed the Information Commissioner’s Office and the energy industry regulator, Ofgem. We’re following their guidance and are keeping them updated on the situation.”
Data stolen included names, addresses, dates of birth, phone numbers, tariff and energy meter IDs, she said.
A small number of business customers had their data stolen. These businesses’ customers have now been contacted by telephone and have taken action.
People’s Energy has contacted the Information Commissioner’s Office, the National Centre for Cyber-Security, the energy regulator Ofgem and the police.
For a business, to have your customer list stolen is not just embarrassing, it can have severe consequences. This data breach may still have consequences for the victims. Notwithstanding this, personal financial data was not accessed in this data breach.
Be that as it may, most of those affected are unlikely to face any direct financial risk. However, stolen data may leave them more vulnerable to phishing attacks. This is where a criminal pretends to be from an official source to try to obtain other information, often using what they already have to sound credible.
Don’t let this happen to you. How often do you test your systems? Are your policies and procedures up to date? When did you last carry out a vulnerability assessment or a penetration test on your systems?
Cyber Essentials is the government backed scheme which is proven to reduce the threat of cyber attacks by 70%. Therefore, isn’t it time you considered this as a method to deliver cyber security protection to your business?
Have you assessed the risk to your business from attack by cybercriminals? Statistics indicate that cybercriminals are successful in hacking a business every 19 seconds. Don’t be one of them!