
PowerGen stems flow to bloody nose

Top exec with brains turns up just in time


It was a massive cock-up and everyone knew it. Leaving customer credit card details and addresses outside the firewall, accessible to anyone with an Internet connection, was ineptitude of the highest order.

It was bad enough shooting itself in the foot once, but then PowerGen proceeded to empty the entire clip into the mangled remnants. No, it wouldn't contact the other people whose privacy had been compromised. Even if it had no intention of contacting them, for god's sake tell everyone that you will. And so the security disaster was brought to the press' attention.

Asked about the situation by journalists, PowerGen then denied any such thing had occurred. BANG! Faced with proof, it concedes. BANG! It then accuses the man who discovered the hole and brought it to their attention of being a hacker. BANG! BANG! BANG!

And while it continues firing, the IT and national press stroll up and punch it on the nose, drawing blood first time. The company's top execs must have panicked when they realised how out of control the story had gotten. You can be sure that PowerGen's press spokesman is getting a right royal bollocking today.

But then in steps PowerGen's Retail Managing Director, Mike Wagner - a man with a brain and a hanky to hold to its bloody nose. First of all, be serious and apologise, then say you have some experts on the case who are working out how this could possibly happen (they will produce a report and this will never occur again). Then point out that it has been blown out of all proportion and the truth is far less exciting. Say you have involved the police. Say you are grateful to the man that discovered the hole (and subsequently ruined your week). And finally reiterate your commitment to the Web.

Mikey boy did all this and then kicked in with a sweetener - all those customers affected would be contacted individually and £50 given to those that choose to cancel their credit card. Not much considering the hassle, but at least it looks like concern. 8/10 Mike.

But despite all this, we are still amazed that big companies clearly still haven't sorted out their IT problems. PowerGen isn't the first and sadly it's not going to be the last.

We've put the PowerGen response from Mike Wagner below for you to peruse.

"We take security of customer information extremely seriously and I am sorry that this has happened and that customers may have been inconvenienced.

"The web site was immediately closed down and our systems experts confirmed that this was a one-off incident. Initial investigations showed that the information which had been accessed was in a file which due to a technical error was temporarily outside of the security gate of the system. This was immediately corrected and new procedures introduced to eliminate the possibility of it happening again. There was no breach of the security of our main customer database.

"We are directly contacting customers who pay accounts via the Internet and will assure them that the problem has been corrected. We have also set up a free phone customer information hotline and urge any of our customers who are concerned to contact this number (0800 0157755). As an additional security measure we are advising customers to change their card numbers and will offer compensation for the inconvenience. Meanwhile the online transaction site remains closed.

"We are now embarking on a wider reaching review of systems security in conjunction with external expert consultants and will be in further contact with John Chamberlain to assist us with this review. We plan to publish the results of the external consultants' audit on our web site.

"This has clearly raised some more general concerns about payment over the Internet. I will be asking banks, other financial services organisations and companies engaging in transactions over the web to discuss these wider issues with us. However, we remain committed to the Internet as customers increasingly find it a convenient way of doing business with us." ®
