Thousands of British Gas customers have been informed that their email addresses and passwords have been revealed online, though the company has denied that its systems have been breached.
Accounts that have been compromised arecurrently disabled, reportsBBC News, and the company has assured customers that no bank account details have been accessed. The login details could, however, be used to find out details such as names and addresses.
The email sent to customers who have been affected reads: "I can assure you there have been no breach of oursecure data storage systems, so non of your payment data, such as bank account or credit card details, have been at risk. As you'd expect, we encrypt and store this information securely.
"From our investigations, we are confident that the information which appeared online did not come from British Gas."
The email addresses and passwords appeared on document-sharing site Pastebin, but have since been removed. It has beentheorisedthat the details were not obtained via a hack on British Gas, but from another source which was then cross-referenced with users who used the same login details across multiple accounts.
Jason Hart, CTO data protection at Gemalto, said: "Today, people often opt for easy-to-guess passwords, write them down, orjeopardisethe security of multiple accounts by using the same password for online banking, email and social media. As people havemultipleidentities across their business and personal lives, if one account is breached, the likelihood is that all personas are at risk as well.
"Breaches are not a matter of "if" but "when". Companies should also move to a 'secure breach' approach that assumesbreachesare inevitable and place security directly on the data itself by using encryption. This effectively kills the data and renders it useless should it fall into the wrong hands."
The news follows ahack on TalkTalkwhich occurredlast week, which involved a "sustained" cyber attack resulting in the exposure of customer details such as names, addresses, dates of birth, email addresses, phone numbers and other account-related details.
"As we saw with the TalkTalk breach, the failure to encrypt data has potentially exposed thepersonal and financial data of thousands if not millions of customers," Hart added.
-
Asus ZenScreen Fold OLED MQ17QH reviewReviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto NetworksCase study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessedNews The state is following up to ensure no information was transferred to bad actors
-
Pearson fined $1 million for downplaying severity of 2018 breachNews The SEC found the London-based firm made “misleading statements and omissions” about the intrusion
