
PowerGen stems flow to bloody nose

Top exec with brains turns up just in time


It was a massive cock-up and everyone knew it. Leaving customer credit card details and addresses outside the firewall, accessible to anyone with an Internet connection, was ineptitude of the highest order.

It was bad enough shooting itself in the foot once, but then PowerGen proceeded to empty the entire clip into the mangled remnants. No, it wouldn't contact the other people whose privacy had been compromised. Even if it had no intention of contacting them, for god's sake tell everyone that you will. And so the security disaster was brought to the press' attention.

Asked about the situation by journalists, PowerGen then denied any such thing had occurred. BANG! Faced with proof, it concedes. BANG! It then accuses the man who discovered the hole and brought it to their attention of being a hacker. BANG! BANG! BANG!

And while it continues firing, the IT and national press stroll up and punch it on the nose, drawing blood first time. The company's top execs must have panicked when they realised how out of control the story had gotten. You can be sure that PowerGen's press spokesman is getting a right royal bollocking today.

But then in steps PowerGen's Retail Managing Director, Mike Wagner - a man with a brain and a hanky to hold to its bloody nose. First of all, be serious and apologise, then say you have some experts on the case who are working out how this could possibly happen (they will produce a report and this will never occur again). Then point out that it has been blown out of all proportion and the truth is far less exciting. Say you have involved the police. Say you are grateful to the man that discovered the hole (and subsequently ruined your week). And finally reiterate your commitment to the Web.

Mikey boy did all this and then kicked in with a sweetener - all those customers affected would be contacted individually and £50 given to those that choose to cancel their credit card. Not much considering the hassle, but at least it looks like concern. 8/10 Mike.

But despite all this, we are still amazed that big companies clearly still haven't sorted out their IT problems. PowerGen isn't the first and sadly it's not going to be the last.

We've put the PowerGen response from Mike Wagner below for you to peruse.

"We take security of customer information extremely seriously and I am sorry that this has happened and that customers may have been inconvenienced.

"The web site was immediately closed down and our systems experts confirmed that this was a one-off incident. Initial investigations showed that the information which had been accessed was in a file which due to a technical error was temporarily outside of the security gate of the system. This was immediately corrected and new procedures introduced to eliminate the possibility of it happening again. There was no breach of the security of our main customer database.

"We are directly contacting customers who pay accounts via the Internet and will assure them that the problem has been corrected. We have also set up a free phone customer information hotline and urge any of our customers who are concerned to contact this number (0800 0157755). As an additional security measure we are advising customers to change their card numbers and will offer compensation for the inconvenience. Meanwhile the online transaction site remains closed.

"We are now embarking on a wider reaching review of systems security in conjunction with external expert consultants and will be in further contact with John Chamberlain to assist us with this review. We plan to publish the results of the external consultants' audit on our web site.

"This has clearly raised some more general concerns about payment over the Internet. I will be asking banks, other financial services organisations and companies engaging in transactions over the web to discuss these wider issues with us. However, we remain committed to the Internet as customers increasingly find it a convenient way of doing business with us." ®
