Just under 400,000 current and former customers of People’s Energy had their personal details accessed by hackers, the company has revealed.
On Wednesday (16 December) the Edinburgh-based disruptor brand was targeted by cyber criminals who also managed to access the financial details of 15 small business customers. No domestic customers had their financial details exposed.
People’s Energy currently has around 270,000 customers, all of which had details such as names, home addresses, email addresses and phone numbers stolen. The rest were former customers, taking the total up to just short of 400,000 people.
The company says it has identified how its security was compromised and that the breach has now been stopped.
Speaking to Utility Week following the attack company co-founder Karin Sode said the retailer was concerned customers would be targeted by phishing attacks and said they had been warned to look out for suspicious communications.
“We are as upset as our customers about the breach of their data. We pride ourselves on our transparency and focus as a community interest company and will work closely with our customers”, she said.
Sode added that the company does not know why it was specifically targeted.
The company has informed regulator Ofgem about the breach, as well as the Information Commissioners Office (ICO) and the National Cyber Security Centre.
An Ofgem spokesperson said: “The People’s Energy Company has told us of a data breach and has voluntarily reported it to the Information Commissioner’s Office.
“It is for the ICO to determine whether further action needs to be taken. Parties should contact The People’s Energy Company for further enquiries.”