UK-based green energy company People’s Energy has revealed that cybercriminals had access to the personal information of its entire 270,000 customer database in a data breach.
“On Wednesday 16 December, we discovered that an unauthorised third party had gained access to one of the systems we use to store some of our members’ data,” the company said in a press release.
“As soon as we became aware of what was happening, we acted immediately to close down the route being used to get into our system, and to stop access to any further information.”
The company People’s Energy has contacted all its 270,000 current customers, following a data breach.
A relatively new entrant to the burgeoning renewable energy market in the United Kingdom, People’s Energy was set up in 2017 by Sode and her partner, David Pike, after becoming tired of the Big Six energy providers.
The East Lothian pair financed their enterprise to the tune of nearly £500,000 in just 199 days, redistributing 75% of the company’s profits to its clients – who are in fact shareholders – as an annual refund.
Co-founder Karin Sode told BBC News that an entire database had been stolen by hackers and included information on previous customers.
Data stolen included names, addresses, dates of birth, phone numbers, tariff and energy meter IDs, she said.
But with the exception of that of 15 small-business customers, no financial information had been accessed. Those businesses’ bank accounts and sort codes had been accessed, Ms Sode said.
Headquartered in Edinburgh, the company also has customers in England and Wales. Ms Sode said she was investigating the violation and calling on independent experts, but so far she had no details on the identity of the hackers.
People’s Energy also stressed that it had notified the Information Commissioner’s Office and the regulator of the energy industry and set up a dedicated telephone number and e-mail address for consumers in need of additional information.
The energy provider does not call for a mandatory reset of the online password but advises members to look out for suspicious emails and phone calls.
“If you’re suspicious about an email, call or letter that appears to come from People’s Energy, please contact us straight away,” People’s Energy added. “You can reach us on our dedicated phone number 0131 378 2357, or by emailing [email protected].
Further, on Thursday, Ms Sode released a statement saying, “This is a big blow in every way,”
“We want people to feel they can trust us.
“This was not part of the plan.”
“We’re upset and sorry.”