People’s Energy has been the latest target of a cyberattack in the energy industry, with personal information on all current and former domestic customers accessed.
Data accessed included names, addresses, phone numbers, email addresses, dates of birth, People’s Energy account numbers, tariff details and gas and electricity meter identification numbers.
The company assured that despite this, no financial information was compromised and that online People’s Energy account passwords also remain secure.
As soon as People’s Energy became aware of the situation – which occurred on 17 December - it “acted immediately” according to a spokesperson for the energy supplier and closed down the route being used to access the system within hours.
It also immediately informed the Information Commissioner’s office and Ofgem, the spokesperson said, with the police now also investigating.
Customers were made aware of the breach and given advice by the next day, with this advice including being vigilant to suspicious contact and taking great caution in how they respond to this contact unless the source has been verified. A dedicated phone line and email helpline have also been set up for this.
The spokesperson said People’s Energy is “extremely upset” that the breach occurred, pointing to how the supplier is a Community Interest Company and takes pride in “putting our customers and community first”.
“We take the safety of our customers’ data very seriously and are very sorry that this criminal attack has affected so many people.”
The company is not the only one within the energy industry to have been a target of a cyberattack this year. In May, Elexon was hit by a cyberattack targeting its internal IT systems, with files posted online in June.
Wind giant Energias de Portugal (EDP) was also targeted this year, with attackers using Ragnar Locker ransomware to steal over 10TB of sensitive company files.
In People Energy’s case, consumer action law firm Your Lawyers has agreed to take legal action forward for customers affected by the data breach.
Aman Johal, director of Your Lawyers, said that in these sorts of instances where personal information is exposed, consumers may be vulnerable to further cyberattacks and can fall victim to both fraud and phishing scams.
This is because “criminals are known to contact data breach victims and pose as the breached company by using exposed information to dupe people into thinking that they are legitimate”, Johal said, adding that this is something customers should “be vigilant about”.