Septu summary: “People’s Energy is a Scottish electricity supply company that offers 100% renewable power, and was initially financed by a crowdfunding campaign. They don’t seem to have clarified yet exactly how they were compromised, but the result, apparently, has been the exposure of PI data related to all of their 270,000 customers.”
The company People’s Energy has contacted all its 270,000 current customers, following a data breach.
Co-founder Karin Sode told BBC News an entire database had been stolen by hackers and included information on previous customers.
Data stolen included names, addresses, dates of birth, phone numbers, tariff and energy meter IDs, she said.
But with the exception of that of 15 small-business customers, no financial information had been accessed.
Those businesses’ bank accounts and sort codes had been accessed, Ms Sode said.
And they had been contacted separately by phone.
Most of those affected are unlikely to face any direct financial risk.
But having their data stolen may leave them more vulnerable to phishing attacks – where a criminal pretends to be from an official source to try to obtain other information, often using what they already have to sound credible.
The breach was discovered on Wednesday morning.
And People’s Energy has contacted the Information Commissioner’s Office, the National Centre for Cyber-Security, the energy regulator Ofgem and the police.
Based in Edinburgh, the company also has customers in England and Wales.
Ms Sode said it was investigating the breach and had called in independent experts but so far had no information about the identity of the hackers.