Utility firm PowerGen admitted today that it had suffered a breach of internet security which resulted in the leak of bank and contact details of thousands of its customers.
A PowerGen spokeswoman told vnunet.com today: "We found out late yesterday that there was a breach of security. We will be contacting customers whose data was accessed, and passing information to the police."
According to PowerGen, 2500 of its gas and electricity customers were affected by the security lapse. However, the customer who discovered the lapse, Leicester-based IT consultant John Chamberlain, said a far higher number of people were affected.
Chamberlain told the BBC how he accidentally discovered a file containing the names, addresses and banking card numbers of an estimated 7000 PowerGen customers when he tried to pay his bill online earlier this month.
"It took no special skills. I couldn't believe what I saw. It was basically names, addresses, credit card details, account numbers and so on," Chamberlain told the paper.
"I thought, 'I wonder if I'm in here', so I clicked the search button and typed in my name and off it went and found my name, address, credit card number, expiry date."
Paul Cronin, head of penetration testing at CenturyCom, said the problem at PowerGen was not an isolated incident and firms often failed to secure customer data, due to a variety of mistakes.
"We find that web connections left open at a firewall allow people to get into back-end databases. Poorly designed web applications and web servers not patched are other sources of problems," said Cronin. He added that security measures applied by hosting firms were often to blame for problems.
Frank Martin, senior security consultant, Siemens Network Systems, said: "PowerGen could have put the tools in place to expose any unauthorised attempts to access confidential customer information. It could have done more to protect unauthorised access to that information."
A Powergen spokeswoman said: "We take the security of customers' personal information very seriously."
She said that the website is secure and Powergen customers can now feel confident about using it.
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC
'Notorious' Australian child hacker thought he had executed 'flawless' hack
The former employee says that Tesla fired him for bringing the accusations to management internally