
PowerGen stems flow to bloody nose

Top exec with brains turns up just in time


It was a massive cock-up and everyone knew it. Leaving customer credit card details and addresses outside the firewall, accessible to anyone with an Internet connection, was ineptitude of the highest order.

It was bad enough shooting itself in the foot once, but then PowerGen proceeded to empty the entire clip into the mangled remnants. No, it wouldn't contact the other people whose privacy had been compromised. Even if you have no intention of contacting them, for god's sake tell everyone that you will. And so the security disaster was brought to the press's attention.

Asked about the situation by journalists, PowerGen then denies any such thing has occurred. BANG! Faced with proof, it concedes. BANG! It then accuses the man who discovered the hole and brought it to its attention of being a hacker. BANG! BANG! BANG!

And while it continues firing, the IT and national press stroll up and punch it on the nose, drawing blood first time. The company's top execs must have panicked when they realised how out of control the story had gotten. You can be sure that PowerGen's press spokesman is getting a right royal bollocking today.

But then in steps PowerGen's Retail Managing Director, Mike Wagner - a man with a brain and a hanky to hold to its bloody nose. First of all, be serious and apologise, then say you have some experts on the case who are working out how this could possibly happen (they will produce a report and this will never occur again). Then point out that it has been blown out of all proportion and the truth is far less exciting. Say you have involved the police. Say you are grateful to the man that discovered the hole (and subsequently ruined your week). And finally reiterate your commitment to the Web.

Mikey boy did all this and then kicked in with a sweetener - all those customers affected would be contacted individually and £50 given to those that choose to cancel their credit card. Not much considering the hassle, but at least it looks like concern. 8/10 Mike.

But despite all this, we are still amazed that big companies clearly still haven't sorted out their IT problems. PowerGen isn't the first and sadly it's not going to be the last.

We've put the PowerGen response from Mike Wagner below for you to peruse.

"We take security of customer information extremely seriously and I am sorry that this has happened and that customers may have been inconvenienced.

"The web site was immediately closed down and our systems experts confirmed that this was a one-off incident. Initial investigations showed that the information which had been accessed was in a file which due to a technical error was temporarily outside of the security gate of the system. This was immediately corrected and new procedures introduced to eliminate the possibility of it happening again. There was no breach of the security of our main customer database.

"We are directly contacting customers who pay accounts via the Internet and will assure them that the problem has been corrected. We have also set up a free phone customer information hotline and urge any of our customers who are concerned to contact this number (0800 0157755). As an additional security measure we are advising customers to change their card numbers and will offer compensation for the inconvenience. Meanwhile the online transaction site remains closed.

"We are now embarking on a wider reaching review of systems security in conjunction with external expert consultants and will be in further contact with John Chamberlain to assist us with this review. We plan to publish the results of the external consultants' audit on our web site.

"This has clearly raised some more general concerns about payment over the Internet. I will be asking banks, other financial services organisations and companies engaging in transactions over the web to discuss these wider issues with us. However, we remain committed to the Internet as customers increasingly find it a convenient way of doing business with us." ®
