All the latest UK technology news, reviews and analysis
|
|
|
19 Jul 2000
Utility firm PowerGen admitted today that it had suffered a breach of internet security which resulted in the leak of bank and contact details of thousands of its customers.
A PowerGen spokeswoman told vnunet.com today: "We found out late yesterday that there was a breach of security. We will be contacting customers whose data was accessed, and passing information to the police."
Further reading
According to PowerGen, 2500 of its gas and electricity customers were affected by the security lapse. However, the customer who discovered the lapse, Leicester-based IT consultant John Chamberlain, said a far higher number of people were affected.
Chamberlain told the BBC how he accidentally discovered a file containing the names, addresses and banking card numbers of an estimated 7000 PowerGen customers when he tried to pay his bill online earlier this month.
"It took no special skills. I couldn't believe what I saw. It was basically names, addresses, credit card details, account numbers and so on," Chamberlain told the paper.
"I thought, 'I wonder if I'm in here', so I clicked the search button and typed in my name and off it went and found my name, address, credit card number, expiry date."
Paul Cronin, head of penetration testing at CenturyCom, said the problem at PowerGen was not an isolated incident and firms often failed to secure customer data, due to a variety of mistakes.
"We find that web connections left open at a firewall allow people to get into back-end databases. Poorly designed web applications and web servers not patched are other sources of problems," said Cronin. He added that security measures applied by hosting firms were often to blame for problems.
Frank Martin, senior security consultant, Siemens Network Systems, said: "PowerGen could have put the tools in place to expose any unauthorised attempts to access confidential customer information. It could have done more to protect unauthorised access to that information."
A Powergen spokeswoman said: "We take the security of customers' personal information very seriously."
She said that the website is secure and Powergen customers can now feel confident about using it.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Prince 2 Project Management Professional, Client Facing...
Solution Architect / Technical Project Manager / Corporate...
Solution Architect / Technical Project Manager / Corporate...
Tier 1 Investment Bank seeks an Administrator with an...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?