British Gas responds to data dump: not our data
Barry Cooper reports:
More than two thousand British Gas customers have had their personal details posted online after a security breach.
The energy firm has moved to reassure the 2,200 customers affected that despite email addresses and account passwords being placed online, their bank account information has not been put at risk.
While no credit card information was visible, anybody choosing to log in would have been able to see previous statements, user addresses and other information relating to the customer’s energy account.
The data was made available on file sharing website Pastebin, but was removed and only impacted upon a relatively small number of British Gas’ 17 million customers.
To their credit, British Gas discovered the paste themselves through routine checks. But as significantly, they report that the data posted online does not appear to come from their databases. BBC reports:
It says, however, that it does not think its own systems were breached.[…]
An email sent to affected customers states: “I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk.
“As you’d expect, we encrypt and store this information securely.
“From our investigations, we are confident that the information which appeared online did not come from British Gas.”