People's Energy - serious data breach

phillw

Talldave said:
I find the benefit of using desktop pc with a mouse is that I can "hover" over the links in such emails to see what url they direct you to without actually clicking them. Nine times out of ten the email is fake.

You can do that with a mouse trackpad too.

phillw

shoppinglocal said:

​The information itself is not held online but in a computer server. It is this server that has been accessed from the internet.

That is literally what "online" means.
It may not have been publicly available online, but their security was obviously lax.

UnclaimedEnergy

Mickey666 said:

Doc_N said:

We’re very sorry to tell you that on the 16th December People’s Energy was affected by a cyber security data breach.

No financial information, bank account details, or People’s Energy online account passwords have been compromised for any domestic customers. However, some personal details were accessed. These include member names, addresses, email addresses, telephone numbers, dates of birth, People’s Energy account numbers, tariff details, and meter identification numbers.

We have acted quickly and informed the Police, Information Commissioner and Ofgem. We’re following their advice in dealing with this situation. 

To say I'm livid would be a gross understatement.  Never again with these people - and probably a risk with any smaller supplier that can't or won't afford proper security.

Well it's certainly unfortunate but is it really such a big deal lin practice?  (I agree the breach is a big deal, I'm thinking about the possible consequences).

Loads of people will know your name, address and email.  Similarly your DoB.  personally, I think there should be some sort of rule against using DoB as any form of security as it is pretty much public domain really - millions have it on social media for example.  As for telephone number, well most people give that away through caller ID everytime they make a call, so that's no biggie either.  I'm nt sure what a scammer could do with your People's Energy account number or tariff details either.  As for your meter number, if like millions of people, you have an meter box at your property then it is effectively open for anyone to have a look at so I'm not sure about the security risk their either.

So yes, I'd also be angry because I'd now want to be changing supplier, which is always a hassle, but I wouldn't be losing any sleep over losing anything else.

Most companies you call up would normally be happy taking your name and address to verify your information. If you also have the phone number that would have been associated to the account you can make up an excuse of "old number/lost phone" - then end up getting full access to the accounts etc.

All of this information will be sold on the dark web, likely to multiple people who will use it to get financial gain and to also try to mess with people. For everyone affected you need to be very vigilant during this time. Be suspicious of all texts/emails you are unsure of for a while.