UK-based renewable energy supplier People’s Energy has disclosed that cybercriminals accessed the personal details of its entire 250,000 customer database in a data breach.
“On Wednesday 16 December, we discovered that an unauthorised third party had gained access to one of the systems we use to store some of our members’ data,” the company said in a press release. “As soon as we became aware of what was happening, we acted immediately to close down the route being used to get into our system, and to stop access to any further information.”
The company said no financial information for domestic customers was accessed during the attack. However, the attackers did manage to view a comprehensive list of customer details, including names, addresses, phone numbers, email addresses, dates of birth, People’s Energy account numbers, tariff details, and gas and electricity meter identification numbers.
Small-business customers were not so lucky, though. In an interview with the BBC, co-founder Karin Sode said the cyber thieves had accessed bank accounts and sort codes of 15 of their business members.
People’s Energy also emphasized that they have informed the Information Commissioner’s Office and energy industry regulator and have set up a dedicated phone number and email address for customers in need of additional information.
The energy supplier is not calling for a mandatory reset of online account password but urges members to watch out for suspicious emails and phone calls.
“If you’re suspicious about an email, call or letter that appears to come from People’s Energy, please contact us straight away,” People’s Energy added. “You can reach us on our dedicated phone number 0131 378 2357, or by emailing firstname.lastname@example.org.
”Were you a victim of a data breach? Time to find out with Bitdefender’s Digital Identity Protection tool.