BBC Homepage World Service Education
BBC Homepagelow graphics version | feedback | help
BBC News Online
 You are in: UK
Front Page 
Northern Ireland 
UK Politics 
Talking Point 
In Depth 

The BBC's Rory Cellan-Jones
"An embarrassment for the whole e-commerce industry"
 real 56k

Mike Wagner, MD Powergen Retail
"I would like to say how sorry we are"
 real 28k

Wednesday, 19 July, 2000, 16:04 GMT 17:04 UK
Inquiry into Powergen net breach
Electricity pylon
Paying for power online has posed a security question
The electricity and gas supplier Powergen has confirmed a security breach in which thousands of customers may have had their banking details revealed.

It is reviewing its web site security and has begun an internal inquiry into how access was gained to data on customers who pay their accounts online by credit or debit card.

The company said it had contacted police about the incident.

The breach in security on the website of one of the UK's biggest firms was uncovered by a customer, John Chamberlain, of Leicester, who works in the computer industry.

Mr Chamberlain decided to test Powergen's security after seeing the Panorama programme Cyber Attack! earlier this month.

He told the Panorama website: "Your programme was so interesting, that before I paid a bill over the internet, I decided to test the security of the web site I was using.

"In under three minutes I had access to 5,000 credit card details, names and addresses etc.

"Even my own card details are there. I can't believe how easy it was - I teach HTML and anyone could have got this info."

He said: "I could not believe what I saw. It was basically names, addresses, credit card details, account numbers and so on.


" I thought 'I wonder if I'm in here' so I clicked the search button and typed my surname and off it went and found my name, my address, my credit card, my expiry date and so on.

"I was amazed."

Powergen is contacting each customer affected by the breach in security on Wednesday advising them to change their card numbers.

Retail managing director Mike Wagner said: "Our systems experts confirmed that this was a one-off incident.

"Initial investigations showed that the information which had been accessed was in a file which due to a technical error was temporarily outside of the security gate of the system."

He said changes had been made to make sure it would not happen again.

Powergen says it will give each customer 50 in compensation to make up for the inconvenience.

It has closed the online transaction section of the site

Search BBC News Online

Advanced search options
Launch console
See also:

18 Jul 00 | Business
Putting trust online
28 Feb 00 | Business
Powergen buys US firm
09 Jul 00 | Archive
What You Have Said Cyber Attack!
Internet links:

The BBC is not responsible for the content of external internet sites

Links to more UK stories are at the foot of the page.

E-mail this story to a friend

Links to more UK stories