Last updated: 23 December 2020
On 16 December 2020, People’s Energy was affected by a cyber security data incident. In the vast majority of cases, no financial information for our domestic members was compromised. However, some of our members’ other personal information was accessed.
We understand that this is a cause of real concern and we're really sorry that it happened.
On Wednesday 16 December, we discovered that an unauthorised third party had gained access to one of the systems we use to store some of our members’ data. As soon as we became aware of what was happening, we acted immediately to close down the route being used to get into our system, and to stop access to any further information.
We’ve informed the Information Commissioner’s Office and the energy industry regulator, Ofgem. We’re following their guidance and are keeping them updated on the situation.
No. We’ve identified how our security was compromised, and the incident has been stopped.
For all members, certain personal details were accessed. This includes names, addresses, phone numbers, dates of birth, email addresses, People’s Energy account numbers, tariff details, and gas and electricity meter identification numbers.
Online People’s Energy account passwords were not accessed during the incident and remain secure.
For a very small number of members, some partial financial data was compromised. We’ve contacted the members affected.
For the majority of members, your financial data, including bank details, are secure and were not accessed.
Unfortunately, for a very small number of our customers (0.1%), some partial financial data was compromised. We’ve contacted the members affected to discuss the nature of the impact, and to suggest the steps they can take in response to the incident.
Our detailed investigation of the extent of the incident has now been completed.
The personal details outlined above were accessed for all our members. This includes both current members and former members who’ve used us as their energy supplier in the past. We’re doing everything we can to contact everyone affected to explain what’s happened.
For a very small number of our members, some partial financial data was also compromised. Those members have been notified separately. If you haven’t heard from us directly about this, your financial data was not accessed.
Please be vigilant. It’s possible that the party responsible for this incident may try to get in contact with you. Some of the ways you can help to keep your information safe are:
If you’re suspicious about an email, call or letter that appears to come from People’s Energy, please contact us straight away. You can reach us on our dedicated phone number 0131 378 2357, or by emailing email@example.com. We’re experiencing higher call volumes than normal, so if you can, please email rather than calling. We’ll get back to you as fast as we can.
No. As your password wasn’t compromised, your online account remains secure.
We’re currently working with a dedicated external security team to add additional protection to our systems. Your financial data is kept in a separate system with enhanced security.
Yes. Magnum Utilities is the company we partner with to carry out the installation of our smart meters. They may get in touch with you by phone or email to arrange for your smart meter to be installed.
We’ve set up a dedicated team to deal with any questions or concerns you may have. You can reach us by phone on 0131 378 2357, or by emailing firstname.lastname@example.org. We're here 9am-8pm (9am-5pm over the weekend).
We’ll do our best to deal with all your queries as quickly as possible. Please bear with us – your patience is really appreciated.