It has been revealed that a major security breach involving the
disclosure of personal details (including names, addresses and
credit card information) on as many as 7,000 customers has occurred
on the Powergen web site.
The information exposed included names, addresses and credit
card details belonging to customers who use the web site to pay
their bills.
The breach was discovered by an IT manager, John Chamberlain,
who informed Powergen on 7th July. This prompted Silicon.com to
contact the company on 10th July.
In response to an inquiry by news site Silicon.com, Powergen
released a statement yesterday acknowledging the breach and
assuring users that it is looking into the matter. In the
statement, Powergen’s retail managing director, Mike Wagner,
commented:
"The web site was immediately closed down and our systems
experts confirmed that this was a one-off incident. Initial
investigations showed that the information which had been accessed
was in a file which due to a technical error was temporarily
outside of the security gate of the system. This was immediately
corrected and new procedures introduced to eliminate the
possibility of it happening again".
The incident raises serious issues of data protection and the
Data Protection Commissioner has described the situation as a gross
breach of customer confidence.
The Commissioner's compliance manager, Lorraine Godkin, noted,
“we would expect any data collector to provide adequate security...
this is a breach of a principle of the [Data Protection] Act”.
Powergen is advising affected customers to cancel their credit
cards as a precaution and is offering compensation for the
inconvenience this may cause.
Clearly, it is vital that companies comply with the provisions
of the Data Protection Act. For further information on this matter,
see our guide on data protection.