What do we know about the People’s Energy data breach?

Cybercrime criminal at computer
Share on facebook
Share on twitter
Share on linkedin

In December 2020, People’s Energy contacted 270,000 people to alert them to a data breach after hackers stole a customer database. Here is what we know about the People’s Energy breach so far.

How did the People’s Energy breach happen?

The breach occurred after cybercriminals targeted the company’s IT systems. During this attack, the hackers accessed and copied the personal information of over 250,000 current and former customers.

How many people are affected?

The People’s Energy breach affects every one of its current customers; it could also involve previous customers. Fifteen small-business customers were also put at risk.

What data was stolen?

The stolen customer data includes:

  • names
  • addresses
  • email addresses
  • dates of birth
  • phone numbers
  • account numbers
  • tariff and energy meter IDs.

No financial information, bank account details, or People’s Energy online account passwords have been compromised for any domestic customers. However, the 15 small-business customers also had their bank accounts and sort codes accessed.

Have I been affected by the data breach?

If you are a People’s Energy customer, your data was involved in this breach. Current customers have all been contacted to alert them to the privacy violation. If you are a People’s Energy customer and have not received this email, you might find it in your spam folder. You might also be involved if you have been but are no longer a customer of People’s Energy.

When did the People's Energy breach happen?

The cybersecurity data breach happened on 16 December 2020.

How did People's Energy respond?

Following the breach, People’s Energy informed the Police, the Information Commissioner and Ofgem. It also launched an internal investigation into why the breach happened. The company also implemented additional security measures to protect customer data from further harm.

Do I need to be vigilant following the breach?

Yes, People’s Energy has warned victims of this breach to be cautious as criminals might try to contact customers using the stolen details. The amount and type of personal data that stolen could leave customers highly vulnerable to phishing attacks.

Find out how can you defend yourself against further harm following a data breach here.

Can I contact People’s Energy about the data breach?

People’s Energy has set up a dedicated team to help customers following the breach. You can reach this team on 0131 378 2357 or by email at helpline@peoplesenergy.co.uk.

Our expert opinion

Commenting on the People’s Energy data breach, Kingsley Hayes, leading data protection expert and head of data breach at Keller Lenkner UK said:

“A spokesperson for People’s Energy said that the business was “extremely upset” that the breach occurred and has highlighted its ‘Community Interest[1]’ status as evidence that it puts its customers and community first. Unfortunately, with the impact on customers potentially significant and distressing, good intentions are no defence if it is found that poor security made the criminal attack possible. Today, businesses of all types and sizes will likely fall victim to a cyberattack at some point. So, every company must do all it can to protect customers from data theft.”

Kingsley Hayes

Make a People's Energy data breach claim

All customers affected by the People’s Energy data breach could now have a compensation claim. As well as claiming for emotional distress and any damage done (e.g. financial losses following phishing attempts), victims of this breach can also claim for the loss of privacy itself.

At Keller Lenkner UK, we are registering people in England & Wales who have been affected by this breach and want justice. Register with us, and we will keep you up to date with any developments as they happen. We will also let you know when you can make a claim.

Contact Keller Lenkner UK’s expert data breach lawyers to discuss the People’s Energy breach.

[1] A community interest company is a company recognised under the Companies Act 2004, that aims to use its profits and assets for the public good.

Share this article:

Share on facebook
Share on twitter
Share on linkedin