The company People's Energy has contacted all its 270,000 current customers, following a data breach.
It has been revealed that an entire database had been stolen by hackers and included information on previous customers. Data stolen included names, addresses, dates of birth, phone numbers, tariff and energy meter IDs.
The breach was discovered on Wednesday morning and People's Energy has since contacted the Information Commissioner's Office, the National Centre for Cyber-Security, the energy regulator Ofgem and the police.
But with the exception of 15 small-business customers, no financial information had been accessed. Those businesses' bank accounts and sort codes had been accessed, and they had been contacted by People's Energy.
These businesses' are unlikely to face any financial impact, but having their data stolen may leave them more vulnerable to phishing attacks.
Every day in the UK there are over 156 million phishing emails that are sent, 16 million of these pass the filters that are meant to stop them, leading to 8 million phishing emails still being opened.
Phishing attacks are becoming increasingly difficult to spot, so it is extremely important that as a business, you and your employees are all working as safely as possible. Here is a short video highlighting the most common things to look out for to avoid becoming a victim of a phishing attack.
The South East Cyber Resilience Centre provides free core membership as well as a number of bespoke paid membership packages which can be further enhanced through a series of additional ‘bolt-on’ services such as a half-day staff awareness session at your site (up to 30 people). Our security awareness training covers a whole host of cybersecurity subjects, from passwords and phishing to spoofed websites and multi-factor authentication. However, our Ethical Hacking Students do not deliver this in a mundane lecture full of technical jargon. We speak normal language, are fun and translate cyber security advice into easy to understand snippets to increase awareness across your organisation. With the correct training, your employees can improve their cyber awareness which will develop your first line of defence to your company. When attackers defeat your technical measures successfully delivering a phishing email containing a bad link or a piece of malware, staff are usually on their own to identify malicious activity stopping the attack, so ensuring that they are confident is key to preventing a cyber incident. Each session is tailored to the audience, so if you are part of a Board for a National company or a small team of hairdressers looking for some initial advice then we will be able to help - one size does not fit all. Our fully tailored session will address the issues you are facing in your sector. Look at the full range of options and memberships here https://www.secrc.co.uk/membership.