Low-cost energy firm People’s Energy revealed that it was a victim of a cyberattack that led to the breach of the personal information of around 270,000 customers, said Teiss UK. The incident was caused by hackers unauthorized access to the company’s IT system.
People’s Energy, which just recently announced the attack, said that the incident was discovered on December 16 and was immediately addressed. However, it acknowledges that the action was not fast enough to avoid malicious actors from stealing customer data.
According to the company, “We discovered that an unauthorized third party had gained access to one of the systems we use to store some of our members’ data.”
It added, “As soon as we became aware of what was happening, we acted immediately to close down the route being used to get into our system, and to stop access to any further information.”
The info included in the stolen files as names, addresses, email addresses, phone numbers, dates of birth, account numbers within the service, tariff details, and meter identification numbers.
The company assured customers that their online accounts and their financial details such as payment credentials are secure. It added that all financial data is kept in a different system with enhanced security.
In an email to customers, the firm said, “Details for all our members were accessed. This includes both current members and former members who’ve used us as their energy supplier in the past. We’re doing everything we can to contact everyone affected to explain what’s happened.”
It added, “We’ve informed the Information Commissioner’s Office and the energy industry regulator, Ofgem. We’re following their guidance, and are keeping them updated on the situation.”
People’s Energy also assured its customers that it is taking data security seriously and that it is working with a committed third-party security team to reinforce its systems.
As part of its information campaign for its customers, the company said that the malicious party can use their personal info for cybercrime.
BBC noted that they may encounter phishing attacks, which can lead to the criminals stealing payment credentials. The details can also be used for fraudulent activities and other illegal measures.
The Edinburgh-based company was co-founded by David Pike and Karin Sode. Regarding the incident, Sode said, “This is a big blow in every way. We want people to feel they can trust us. This was not part of the plan. We’re upset and sorry.”
