Dec 22, 2020 | Articles, GDPR

Customer List stolen

Howard Freeman

Howard Freeman

Utility supplier People’s Energy has had its entire customer list stolen.

All 270,000 customers of People’s Energy, a renewable energy start-up, have had their details compromised in a major data breach incident that occurred last week, on 16th December 2020.

Data breach at Utility supplier People’s Energy
…the company found an unauthorised third party had accessed its data storage systems

This data breach took place on 16th December 2020. It affects both current customers and former customers who have used People’s Energy as their supplier in the past.

The entire database had been stolen by hackers, founder Karin Sode told the BBC. This included information on previous customers. She said that the data breach was a “big blow in every way”. She added, that the company wanted its customers to feel they could trust them. “We’re upset and sorry,” she said.

The company said in a statement, “As soon as we became aware of what was happening, we acted immediately. We were able to close down the route being used to get into our systems. And to stop access to any further information, we’ve informed the Information Commissioner’s Office and the energy industry regulator, Ofgem. We’re following their guidance and are keeping them updated on the situation.”

Stolen Data

Data stolen included names, addresses, dates of birth, phone numbers, tariff and energy meter IDs, she said.

A small number of business customers had their data stolen. These businesses’ customers have now been contacted by telephone and have taken action.

People’s Energy has contacted the Information Commissioner’s Office, the National Centre for Cyber-Security, the energy regulator Ofgem and the police.

There is a People’s Energy helpline for customers. In the first instance, they can contact People’s Energy on 0131 378 2357 or at

Phishing Threat

For a business, to have your customer list stolen is not just embarrassing, it can have severe consequences. This data breach may still have consequences for the victims. Notwithstanding this, personal financial data was not accessed in this data breach.

Be that as it may, most of those affected are unlikely to face any direct financial risk. However, stolen data may leave them more vulnerable to phishing attacks. This is where a criminal pretends to be from an official source to try to obtain other information, often using what they already have to sound credible.

Don’t let this happen to you. How often do you test your systems? Are your policies and procedures up to date? When did you last carry out a vulnerability assessment or a penetration test on your systems?

Cyber Essentials is the government backed scheme which is proven to reduce the threat of cyber attacks by 70%. Therefore, isn’t it time you considered this as a method to deliver cyber security protection to your business?

Have you assessed the risk to your business from attack by cybercriminals?  Statistics indicate that cybercriminals are successful in hacking a business every 19 seconds. Don’t be one of them!

Therefore, if you would like to discuss implementing Cyber Essentials into your business, you may book a call here. Alternatively, you can reach us on 03333 22 1011 or by contacting us here.


Can we help?