Data security incident

Information and FAQs on the 16 December data security incident

Last updated: 23 December 2020

On 16 December 2020, People’s Energy was affected by a cyber security data incident. In the vast majority of cases, no financial information for our domestic members was compromised. However, some of our members’ other personal information was accessed.

We understand that this is a cause of real concern and we're really sorry that it happened.

We’ve put together some FAQs to answer some of the questions you might have.  You can also reach us on our dedicated phone number 0131 378 2357, or by emailing helpline@peoplesenergy.co.uk.

 

What happened?  

On Wednesday 16 December, we discovered that an unauthorised third party had gained access to one of the systems we use to store some of our members’ data. As soon as we became aware of what was happening, we acted immediately to close down the route being used to get into our system, and to stop access to any further information.

We’ve informed the Information Commissioner’s Office and the energy industry regulator, Ofgem. We’re following their guidance and are keeping them updated on the situation.

 

Is the incident ongoing?  

No. We’ve identified how our security was compromised, and the incident has been stopped.

 

What data was accessed? 

For all members, certain personal details were accessed. This includes names, addresses, phone numbers, dates of birth, email addresses, People’s Energy account numbers, tariff details, and gas and electricity meter identification numbers.

Online People’s Energy account passwords were not accessed during the incident and remain secure.

For a very small number of members, some partial financial data was compromised. We’ve contacted the members affected.

 

Are my financial details secure? 

For the majority of members, your financial data, including bank details, are secure and were not accessed.

Unfortunately, for a very small number of our customers (0.1%), some partial financial data was compromised. We’ve contacted the members affected to discuss the nature of the impact, and to suggest the steps they can take in response to the incident.

Our detailed investigation of the extent of the incident has now been completed.

 

How many people have been affected?  

The personal details outlined above were accessed for all our members. This includes both current members and former members who’ve used us as their energy supplier in the past. We’re doing everything we can to contact everyone affected to explain what’s happened.

For a very small number of our members, some partial financial data was also compromised. Those members have been notified separately. If you haven’t heard from us directly about this, your financial data was not accessed.

 

What should I do now? 

Please be vigilant. It’s possible that the party responsible for this incident may try to get in contact with you. Some of the ways you can help to keep your information safe are:

  • Watch out for suspicious calls or emails. Don’t click links within emails you don’t recognise.
  • Delete texts from numbers or names you don’t know.
  • Let us know if you receive any suspicious or unsolicited emails, in particular any that appear to come from People’s Energy.

If you’re suspicious about an email, call or letter that appears to come from People’s Energy, please contact us straight away. You can reach us on our dedicated phone number 0131 378 2357, or by emailing helpline@peoplesenergy.co.uk. We’re experiencing higher call volumes than normal, so if you can, please email rather than calling. We’ll get back to you as fast as we can.

 

Do I need to change my People’s Energy account details?  

No. As your password wasn’t compromisedyour online account remains secure. 

 

What measures are you putting in place to stop something like this happening in the future? 

We’re currently working with a dedicated external security team to add additional protection to our systems. Your financial data is kept in a separate system with enhanced security.  

 

A company called Magnum Utilities has contacted me about a smart meter installation, is this genuine? 

Yes. Magnum Utilities is the company we partner with to carry out the installation of our smart meters. They may get in touch with you by phone or email to arrange for your smart meter to be installed.

 

Who can I talk to about this? 

We’ve set up a dedicated team to deal with any questions or concerns you may have. You can reach us by phone on 0131 378 2357, or by emailing helpline@peoplesenergy.co.uk. We're here Monday - Thursday 9am - 5pm, and on Fridays 9am - 4pm.

We’ll do our best to deal with all your queries as quickly as possible. Please bear with us – your patience is really appreciated.