Following news that People’s Energy has suffered a data breach affecting all 270,000 customers, Information security experts provide an insight below.
<p>Data breaches like the one suffered by People\’s Energy emphasizes the need for companies big and small to harden their systems against breaches of this sort. People\’s Energy should be applauded for not wasting any time in alerting their customers and officials to the breach. This upfront admission could help prevent their customers from being phished by the bad actors that performed the breach.</p> <p> </p> <p>As for People\’s Energy customers, they need to be on the lookout for phishing attempts by the bad guys who may pose as People\’s Energy representatives in an attempt to use the info they\’ve already gleaned from the breach to extract more personal and financial information from the utility\’s customers.</p>
<p>Every data breach is cause for concern, but we should be particularly worried about attacks on critical infrastructure. In the coming days, I hope the attacker can be identified so we know whether this was a nation-state threat actor or just an independent hacker looking for low-hanging fruit. Thankfully, People\’s Energy\’s actual service infrastructure was unaffected, and the vast majority of victims had none of their financial information stolen.</p> <p> </p> <p>People\’s Energy customers should be on the lookout for targeted phishing messages from fraudsters posing as People\’s Energy or a related company. They will use the personal information stored in the database to customize messages and make them more convincing. Never click on links or attachments in unsolicited emails, and always verify the sender\’s identity before responding.</p>
There must be a fundamental change in mindset regarding information security for all organizations. Risks from cyber-attack need to be taken with the same seriousness as risks from fire or flooding. The reality is that most security compromises are simple attacks of opportunity and every organization is a viable target for cyber criminals. The same way organizations invest in fire suppression and alarm systems they also must consider cyber security protection and monitoring as part of the cost of doing business. It’s critical that this start with adopting a culture of security from executive management to individual line of business contributors.
Your Lawyers has agreed to take legal action forward for victims of the People’s Energy data breach. Anyone affected in England or Wales may be eligible to claim compensation with us on a No Win, No Fee basis.
We know from experience that, when personal information is exposed in a data breach, victims may be vulnerable to further cyberattacks and can fall victim to fraud and phishing scams. Criminals are known to contact data breach victims and pose as the breached company by using exposed information to dupe people into thinking that they are legitimate. This is something that customers will need to be vigilant about.
Customers do not deserve to be exposed to such dangers, and we will ensure that the company is held to account for the exposure of a wealth of personal and sensitive information. The door is open for victims based in England and Wales to claim now.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics