[BreachExchange] People’s Energy suffers data breach in 'extremely upsetting' cyberattack

[Destry Winant]

https://www.current-news.co.uk/news/peoples-energy-suffers-data-breach-in-extremely-upsetting-cyberattack

People’s Energy has been the latest target of a cyberattack in the
energy industry, with personal information on all current and former
domestic customers accessed.

Data accessed included names, addresses, phone numbers, email
addresses, dates of birth, People’s Energy account numbers, tariff
details and gas and electricity meter identification numbers.

The company assured that despite this, no financial information was
compromised and that online People’s Energy account passwords also
remain secure.

As soon as People’s Energy became aware of the situation – which
occurred on 17 December - it “acted immediately” according to a
spokesperson for the energy supplier and closed down the route being
used to access the system within hours.

It also immediately informed the Information Commissioner’s office and
Ofgem, the spokesperson said, with the police now also investigating.

Customers were made aware of the breach and given advice by the next
day, with this advice including being vigilant to suspicious contact
and taking great caution in how they respond to this contact unless
the source has been verified. A dedicated phone line and email
helpline have also been set up for this.

The spokesperson said People’s Energy is “extremely upset” that the
breach occurred, pointing to how the supplier is a Community Interest
Company and takes pride in “putting our customers and community
first”.

“We take the safety of our customers’ data very seriously and are very
sorry that this criminal attack has affected so many people.”

The company is not the only one within the energy industry to have
been a target of a cyberattack this year. In May, Elexon was hit by a
cyberattack targeting its internal IT systems, with files posted
online in June.

Wind giant Energias de Portugal (EDP) was also targeted this year,
with attackers using Ragnar Locker ransomware to steal over 10TB of
sensitive company files.

In People Energy’s case, consumer action law firm Your Lawyers has
agreed to take legal action forward for customers affected by the data
breach.

Aman Johal, director of Your Lawyers, said that in these sorts of
instances where personal information is exposed, consumers may be
vulnerable to further cyberattacks and can fall victim to both fraud
and phishing scams.

This is because “criminals are known to contact data breach victims
and pose as the breached company by using exposed information to dupe
people into thinking that they are legitimate”, Johal said, adding
that this is something customers should “be vigilant about”.