Powergen's lax security condemned

More than 7,000 Powergen customers advised to cancel their credit cards following one of the biggest online security breaches in the UK so far
Written by Will Knight, Contributor and Graeme Wearden, Contributor

In what has been described as a gross breach of consumer confidence, consumer watchdogs on Wednesday condemned lax security at British utility service Powergen for exposing the credit details of over 7,000 customers on its Web site.

It is potentially one of the biggest online security scares to hit the UK.

The breach revealed names, addresses and credit card information of customers who have used Powergen's Web site to pay their bills. Powergen is understood not to have apologised to customers hit by the breach.

According to the Consumer Association, over 7,000 of Powergen's 2.5 million UK customers have been affected by the security problem.

"It's a clear breach of security by a company that should be able to keep these things secure," said Alan Stevens, head of digital services at the watchdog. "It severely damages people's confidence [in e-commerce]."

Stevens calls for an urgent review of security and for an apology from Powergen.

A vague comment from a Powergen representative suggested the firm had yet to fully understand the nature of the breach. "Obviously we're very concerned about it. Apparently someone was able to get in and look at other people's credit card numbers."

Powergen claims the Web site is now secure and, although there is no evidence that any details have been used to perpetrate fraud, the police are investigating the situation. The utility company is advising customers who have paid through its Web site to cancel their credit cards.

The Data Protection Registrar is concerned about the situation. It confirms it has been contacted by at least one customer and describes the security problem as a gross breach of customer confidence.

"We would expect any data collector to provide adequate security," says compliance manager Lorraine Godkin. "This is a breach of a principle of the [Data Protection] act."

The breach was uncovered by one Powergen customer visiting the company's Web site on 7 July. A file containing customer information was temporarily exposed to external access, according to Powergen.

If you've been hit by this security breach, please contact Graeme Wearden or Will Knight.
