Cookies on Pinsent Masons website

Our website uses cookies and similar technologies to allow us to promote our services and enhance your browsing experience. If you continue to use our website you agree to our use of cookies.

To understand more about how we use cookies, or for information on how to change your cookie settings, please see our Cookie Policy.

Powergen security breach shock

It has been revealed that a major security breach involving the disclosure of personal details (including names, addresses and credit card information) on as many as 7,000 customers has occurred on the Powergen web site.20 Jul 2000

The information exposed included names, addresses and credit card details belonging to customers who use the web site to pay their bills.

The breach was discovered by an IT manager, John Chamberlain, who informed Powergen on 7th July. This prompted Silicon.com to contact the company on 10th July.

In response to an inquiry by news site Silicon.com, Powergen released a statement yesterday acknowledging the breach and assuring users that it is looking into the matter. In the statement, Powergen’s retail managing director, Mike Wagner commented:

"The web site was immediately closed down and our systems experts confirmed that this was a one-off incident. Initial investigations showed that the information which had been accessed was in a file which due to a technical error was temporarily outside of the security gate of the system. This was immediately corrected and new procedures introduced to eliminate the possibility of it happening again".

The incident raises serious issues of data protection and the Data Protection Commissioner has described the situation as a gross breach of customer confidence.

The Commissioner's compliance manager, Lorraine Godkin noted, “we would expect any data collector to provide adequate security... this is a breach of a principle of the [Data Protection] Act”.

Powergen are advising affected customers to cancel their credit cards as a precaution and it is offering compensation for the inconvenience this may cause.

Clearly, it is vital that companies comply with the provisions of the Data Protection Act. For further information this matter see our guide on data protection.