British Petroleum has become the latest company to be caught up in a cyber-security scandal after reports have shown that 2,200 of their customer details have been released online.
The information that was posted on Pastebin, a document sharing site, before being swiftly removed, included login details that could have been used to access information including customers’ names, addresses and past bills. Luckily, no bank account or card details would’ve been accessible, BP made clear.
BP contacted the customers affected and disabled their accounts as soon as they discovered that the information had been published online. Indeed they contacted the customers before actually confirming that all of the details published were correct, and so it may be the case that the number of affected customers may be lower than 2,200.
A statement they released said: “I can assure you there has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk. As you’d expect, we encrypt and store this information securely. From our investigations which appeared online did not come from British Gas.”
Users that have been contacted have been asked by BP to change their login details as quickly as possible
BP were, however, quick to say that they did not believe that their systems had, in fact, been breached. How exactly the information was gotten hold of is unclear; some suspect a phishing scam. Some believe that the login details could have been obtained from previous cyber-attacks on other companies (such as Talk Talk), with the attackers then trying those same details to see if they matched up with customers at BP.
What is certain though is that the extent of the attack is relatively small – BP has a customer base of around 14.7 million, and so the 2,200 affected customers represent a fairly small proportion of it.
The news of this security breach follows hot on the heels of the recent cyber-attack on Talk Talk that was recently found to be executed by a 15 year old boy from Ireland. The attack on BP is also reminiscent of the even more recent glitch in Marks and Spencer’s online system that meant that several customers gained access to other users’ account details.