:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/EQ2DFBIHGJ6CRBVFTQMONCATQI.jpg)
Electric Ireland said the personal and financial information of about 8,000 of its customers may have been compromised and misused by an individual for fraudulent purposes.
Electric Ireland said it is liaising with An Garda Síochána and the Data Protection Commissioner regarding the compromised accounts. Affected customers who may have experienced fraudulent activity have been asked to contact Electric Ireland directly.
In a statement on Wednesday, Electric Ireland said it is aware of an employee of a company working on behalf of the energy provider who may have “inappropriately accessed” about 8,000 customer accounts, leading to the “potential misuse of personal and financial information”.
It is understood that the individual’s accessing of accounts was deliberate rather than inadvertent.
:quality(70):focal(4070x1470:4080x1480)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/U3WS47K32W3BXYU6JG4J3HVDHQ.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/SNOCUXE7BRGC5L4QJRBKGJB4HE.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/K4RB2KC2F5BI5OPGY2YCXVCGRE.jpg)
The energy provider said the breach involved a “small proportion” of its 1.1 million residential customer accounts, and that it has written to all potentially affected customers to make them aware of the issue.
A letter to affected customers warned that the individual “may have been accessing Electric Ireland customer details to facilitate financial fraud”.
The letter informed affected customers that credit/debit card details provided to Electric Ireland to make bill payments may have been compromised, as well as names, addresses, emails, phone numbers, dates of birth and bank account details.
Electric Ireland also provided advice in the letter regarding what actions affected customers should take to mitigate the risk of potential financial fraud. Customers who have not received a letter from Electric Ireland do not need to take any action.
Electric Ireland said the details of the case remain confidential, as An Garda Síochána are leading an investigation, and the company is liaising with law enforcement as well as the Data Protection Commissioner.
“Electric Ireland fully appreciates the gravity of this issue and the concern and inconvenience it will create for those affected customers,” the company said.
Electric Ireland advised customers affected by the issue “who may have experienced any fraudulent activity on their financial accounts in relation to data they gave to Electric Ireland” to directly contact the company, who will in turn inform An Garda Síochána. The company also advised affected customers to contact their bank.
As of close of business on Wednesday, Electric Ireland had not received any direct reports of fraudulent activity from customers with compromised accounts.
A spokesman for An Garda Síochána confirmed that they are investigating the potential data breach, which was first identified by Gardaí attached to the Garda National Cyber Crime Bureau.
He said the matter was referred to the Garda National Economic Crime Bureau for investigation, and Electric Ireland was contacted “immediately”.
“As this is an ongoing investigation, no further information is available at this time,” the spokesman said.
:quality(70)/s3.amazonaws.com/arc-authors/irishtimes/e781a39d-2def-49eb-968b-dd1282fb69ed.png)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/VR3765MFOBH2NMV2QNICYDF67M.png)