Utility firm PowerGen admitted today that it had suffered a breach of internet security which resulted in the leak of bank and contact details of thousands of its customers.
A PowerGen spokeswoman told vnunet.com today: "We found out late yesterday that there was a breach of security. We will be contacting customers whose data was accessed, and passing information to the police."
According to PowerGen, 2500 of its gas and electricity customers were affected by the security lapse. However, the customer who discovered the lapse, Leicester-based IT consultant John Chamberlain, said a far higher number of people were affected.
Chamberlain told the BBC how he accidentally discovered a file containing the names, addresses and banking card numbers of an estimated 7000 PowerGen customers when he tried to pay his bill online earlier this month.
"It took no special skills. I couldn't believe what I saw. It was basically names, addresses, credit card details, account numbers and so on," Chamberlain told the paper.
"I thought, 'I wonder if I'm in here', so I clicked the search button and typed in my name and off it went and found my name, address, credit card number, expiry date."
Paul Cronin, head of penetration testing at CenturyCom, said the problem at PowerGen was not an isolated incident and that firms often failed to secure customer data because of a variety of mistakes.
"We find that web connections left open at a firewall allow people to get into back-end databases. Poorly designed web applications and web servers not patched are other sources of problems," said Cronin. He added that security measures applied by hosting firms were often to blame for problems.
Frank Martin, senior security consultant, Siemens Network Systems, said: "PowerGen could have put the tools in place to expose any unauthorised attempts to access confidential customer information. It could have done more to protect unauthorised access to that information."
A Powergen spokeswoman said: "We take the security of customers' personal information very seriously."
She said that the website is secure and Powergen customers can now feel confident about using it.