Telecom and Logistics Associates 

new6.gif (1031 bytes) TLAalert    Security Service 
Translate this page from:  publication: Christian ALT 
  Save Time and Money

TLAnews: Security NEWs Service 

 19.7.2000 SecurityU.K. Security scandal at Powergen 
Thousands of debit card details open to abuse, UK utility Powergen, has admitted to a massive security breach that left the debit card details of customers open to a potential multimillion pound fraud.

En français: U.K. Scandale de la sécurité chez Powergen
Des milliers d'informations de cartes de crédit ouvertes aux abus, Lo société d'électricité Powergen, a admis un trou de sécurité géant, qui a laissé les détails des cartes de crédite de peurs clients disponible, il s'agit d'un potentiel de fraude de plusieurs millions de livres.

Home
Consulting
Tech Doc
FW-1 FAQ
Training
Products
TLAnews
Archive
Advertising
 

TLAnews.com
Information for security concerned people

 
Register to TLAnews letter
English version
The security hole was discovered by a Powergen customer and silicon.com viewer, John Chamberlain, when he went to the company's site to pay his bill online. Chamberlain - an IT manager - said he was surprised to discover three files on the web server, containing the names, addresses and card details of more than 7,000 home and business users, including his own.

After the discovery he contacted Powergen anf they were embarassed about it. Other customers were not planned to be informed. He then contacted VISA to block his card. And also complained to the Data Protection Commissioner.

From our press review

"Silicon.com has seen a file containing just over 2,500 of the customers' details, and has contacted some of those named in the file. silicon.com confirmed that they are Powergen customers, and read out to each their card number, expiry date, address, phone number, email address and the amount and date of their last payment to Powergen." 
Résumé en français
Le trou de sécurité a été découvert par John Chamberlain, en modifiant les URLs pour accèder au site. Les informations confidentielles sur plus de 7000 clients ainsi qeules siennes ont été trouvées sur le site sans utiliser de technique de pirates, selon lui.

Après en avoir informé Powergen. Il a bloqué sa carte Visa. Il a été très surpris d'apprendre que les autres clients n'allaient pas être informés de la situation. Il a donc averti, la comission de la protection des données.

Il a ensuite informé le site sillicon.com, qui ont pu constater d'eux-mêmes.

Powergen a admis la situation, mais dans un premier temps a considéré que son site était parfaitement sécurisé. Après avoir été contacté par Silicon.com, ils ont changé leur version et accusent John Chamberlain de les avoir piratés, et le menace d'actions en justice ainsi que silicon.com

http://www.powergen.co.uk

Powergen admitted it received a call from Chamberlain about the security problem, but said its investigation found the site to be secure

After beiing contacted by sillicon.com, the company changed its story. And is now accusing Chamberlain of hacking into the site, and has threatened both him and silicon.com with legal action.

The news that one of the UK's largest utilities has fallen victim to such a major security breach will further shake consumer confidence in electronic commerce.

http://www.powergen.co.uk



more security information with TLAnews ...

Author information.
Copyright © [Telecom and Logistics Associates Sàrl]. All rights reserved.
Revised: juillet 19, 2000 .

All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the facts of the particular situation.