The following is a translation of an alert on Opgelicht?!
Energy supplier Eneco is warning (former) customers of a possible data breach: they have established that cyber criminals have managed to gain access to the accounts of 1,700 customers and that personal information may have been stolen. What you need to know?
Last week, Eneco observed a number of irregular log-in attempts with what it says is a ‘limited number’ of My Eneco accounts: according to information on the website, these are the accounts of 1,700 customers. It is possible that personal data has been accessed, and therefore customers will receive a warning.
Read more on Opgelicht?!
Eneco’s statement of January 8 was as follows:
Unauthorized access to My Eneco
Cyber criminals have used email addresses and passwords from previous thefts at other websites to gain access to approximately 1,700 private and small business My Eneco accounts, the online environment for Eneco customers. Personal data of customers was viewed and possibly changed by third parties. This data breach has been reported to the Dutch Data Protection Authority and a report will be made to the police. Affected customers have been notified and must create a new account with a different password. We are investigating whether we can also take additional measures to further secure logging in to My Eneco.
After the discovery, access to My Eneco was temporarily closed to enable an investigation into the exact cause and extent. This prevents third parties with stolen email addresses and passwords from gaining unauthorized access to My Eneco accounts again. My Eneco is now accessible to all customers again. Independent experts have been engaged to assist in the further processing.
The affected customers have received an email in which they were informed about the data breach, how they can create a new account and the risk they run with the password that was previously used for My Eneco. We also inform our other customers through various channels about the importance of a good and secure password. So that such attacks can be prevented even better in the future, both at Eneco and other online accounts.
In addition, a second group of approximately 47,000 customers will be informed by email about this incident on Monday 11 January as a precaution. There is no reason for this group of customers to assume that their My Eneco accounts have been viewed. But because they have logged in during the same period, they are advised to change their password as a precaution.