Standard content for Members only
To continue reading this article, please login to your Utility Week account, Start 14 day trial or Become a member.
If your organisation already has a corporate membership and you haven’t activated it simply follow the register link below. Check here.
British Gas has assured its customers that a data leak which revealed over 2,000 account login details online was not due to system breach and no payment details have been accessed.
The company was forced to write to 2,200 customers on Wednesday after their login passwords were posted online, but only users’ names, addresses and past energy bills were vulnerable because the system which securely stores payment details was not breached.
“From our investigations, we are confident that the information which appeared online did not come from British Gas,” said British Gas in the letter to customers.
“I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk. As you’d expect, we encrypt and store this information securely.”
According to the BBC the data could have been accessed from a different source and checked to see if the same details were used for British Gas. Alternatively customers may have been tricked into revealing their data through a phishing scam.
A spokesman for the company told Utility Week that the very small proportion of its 14.7 million customer base affected by the leak has been contacted, and their accounts disabled, until they can be securely reset.
The leak comes in the same week as retailer M&S reported a minor privacy glitch over online account data, and follows a serious hack attack on telecoms company TalkTalk in which financial data may have been put at risk.
Although the incidents are largely unrelated, utilities companies are likely to come under increased pressure to guard customer data from similar breaches.
Please login or Register to leave a comment.