E.On has apologised after an automatic mass email inadvertently sent customers the addresses of hundreds of other customers at the energy supplier.

The messages, which held requests for energy consumers’ meter readings, should have been delivered to each individual customer. However, each email also bore the details of a further 497 E.On customer names.

The security breach was down to a “system error” that was spotted “within minutes” of the incorrectly addressed emails being sent, E.On said last week. Meanwhile, potential victims of the breach spoke of their intention to report the energy firm to the Information Commissioner’s Office (ICO), with many placing warnings on support forums on the company’s website.

In an official response, the firm said it had issued an apology “for an error which happened when an email was sent to a limited group of customers requesting meter readings.” The firm said it was reaching out to customers who had flagged up their alarm about the mistaken data share.

E.On also underlined that no account data or financial information had been caught up in the gaff, stating:

“An internal investigation is under way, and the appropriate authorities will be notified where required.”

Founder of cyber-security firm, Egress Technologies, Tony Pepper, said he understood the concern felt by E.On customers fearing that their personal data was being passed without authorisation.

Speaking to the BBC, Mr Pepper said:

“E.On has a duty of care to protect such information from any risk of falling into the wrong hands, so it will be interesting to see what they intend to do to resolve the slip-up. This is a simple but sometimes devastating mistake to make.”

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.


GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at http://www.gdprsummit.london/


comments powered by Disqus