Belfast Telegraph

UK Website Of The Year

Home News UK

British Gas says data leak caused by 'someone external'

Published 29/10/2015

British Gas said that a small number of customer details had briefly appeared online, but its systems were secure
British Gas said that a small number of customer details had briefly appeared online, but its systems were secure

British Gas has said it is "confident" the data leak affecting more than 2,000 of its customers had not come from within the company.

The email address and passwords of 2,200 of its customers appeared online on Wednesday evening - the third technology glitch to affect a major UK company in a week.

The firm insisted its systems are secure, after sending out an email to more than 2,000 customers reassuring them the information had not come from the company. It said the leak was caused by "someone external", and it added that no payment data had been compromised.

The email, from British Gas Customer Services, told customers: " I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk. As you'd expect, we encrypt and store this information securely.

"From our investigations, we are confident that the information which appeared online did not come from British Gas."

Details will be sent to the Information Commissioner's Office following the leak, it added.

The data was uploaded to Pastebin, a temporary text uploading website, and discovered by British Gas during routine online checks. The firm removed the data on Wednesday evening.

The company could not confidently pin down a cause for the leak but said it was "someone external", and one possible explanation could be that customers had been victims of a targeted phishing attack.

A British Gas spokeswoman said the leaks affected only a "small proportion" of its 14 million customers.

She said the incident was "very different" to the cyber attacks suffered recently by phone and broadband provider TalkTalk and Marks & Spencer, when customer details were visible online.

All customer accounts are now secure. she added.

On Tuesday evening, Marks & Spencer had to suspend its website for two hours after customers were able to see other people's details when they logged into their accounts.

The company said no-one's details were compromised by the "internal technical problem".

Last week TalkTalk was targeted in a cyber attack in which it said bank account numbers and sort codes, like those printed on a cheque, may have been accessed. A joint operation between the Met's cyber crime unit, the PSNI's cyber crime centre and the National Crime Agency is continuing to probe the incident.

It is not known how many of the telecoms giant's four million UK customers may have been affected by the attack.

Your Comments

COMMENT RULES: Comments that are judged to be defamatory, abusive or in bad taste are not acceptable and contributors who consistently fall below certain criteria will be permanently blacklisted. The moderator will not enter into debate with individual contributors and the moderator’s decision is final. It is Belfast Telegraph policy to close comments on court cases, tribunals and active legal investigations. We may also close comments on articles which are being targeted for abuse. Problems with commenting?

Read More

From Belfast Telegraph