PowerGen coughs up after security scandal

[InfoSec News <isn () C4I ORG>]

http://www.uk.internet.com/Article/100322

James Middleton   21 Jul 2000

PowerGen is in the process of writing to each of its 7000 online
customers to offer them 50 compensation for inconvenience caused, in
the aftermath of the company's security scare.

The utility has also closed down its online payment service and will,
in co-ordination with the person who discovered the security hole,
undertake a "review of website security and an internal inquiry".

PowerGen has also released a statement to customers advising them to
change their credit card numbers, as it is still not confirmed for
what length of time the data was vulnerable. Retail managing director
Mike Wagner said this was an "additional security measure".

However, the scare has brought the UK's customer protection laws into
doubt. Phil Jones, assistant commissioner at the Data Protection
Registrar, said the customers who had their details published would
not be liable for any compensation unless the data had been
fraudulently used.

"Only customers who suffer damage following a lapse in security will
qualify for compensation if they can also prove they have suffered
damage, and if they convince a court of this," he said.

Apparently this is due to a part of the legislation that makes up the
1998 Data Protection Act, which does not entitle customers to
compensation unless they suffer damages. It seems PowerGen has come up
with the cash as an act of goodwill.

Jones said the Department of Trade and Industry, and the Office of
Fair Trading (OFT) would be responsible for improving security for
Internet user's rights. The OFT would not reveal details, but a
spokesman said that it is looking at creating a new department
dedicated to protecting customer rights online.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".