The information exposed included names, addresses and credit card details belonging to customers who use the web site to pay their bills.
The breach was discovered by an IT manager, John Chamberlain, who informed Powergen on 7th July. This prompted Silicon.com to contact the company on 10th July.
In response to an inquiry by news site Silicon.com, Powergen released a statement yesterday acknowledging the breach and assuring users that it is looking into the matter. In the statement, Powergen’s retail managing director, Mike Wagner, commented:
"The web site was immediately closed down and our systems experts confirmed that this was a one-off incident. Initial investigations showed that the information which had been accessed was in a file which due to a technical error was temporarily outside of the security gate of the system. This was immediately corrected and new procedures introduced to eliminate the possibility of it happening again".
The incident raises serious issues of data protection and the Data Protection Commissioner has described the situation as a gross breach of customer confidence.
The Commissioner's compliance manager, Lorraine Godkin, noted, “we would expect any data collector to provide adequate security... this is a breach of a principle of the [Data Protection] Act”.
Powergen is advising affected customers to cancel their credit cards as a precaution and is offering compensation for the inconvenience this may cause.
Clearly, it is vital that companies comply with the provisions of the Data Protection Act. For further information on this matter, see our guide on data protection.