Electric Ireland said an employee of a contracted company appears to have ‘inappropriately accessed’ thousands of customer accounts, putting their personal and financial information at risk.
Electric Ireland has confirmed that roughly 8,000 customer accounts may have been compromised from a recent data breach.
The ESB-owned company said that an employee of a company “working on our behalf” appears to have inappropriately accessed a small portion of its 1.1m residential customer accounts. The company is concerned that this has led to the misuse of personal and financial information.
Electric Ireland said it has written to all of the customers whose data may be compromised as a result of the breach. The company said it aims to make affected customers aware of the issue and provide advice and instructions how to “mitigate against the risk of potential financial fraud”.
Impacted customers have also been advised to contact their bank. Those who have not received a letter from Electric Ireland do not need to take any action, the company said.
Electric Ireland has not disclosed exactly how the breach occurred or which company was involved. The issue is under investigation by Electric Ireland and An Garda Síochána and the Data Protection Commissioner have been informed.
The company said the case “must remain confidential” as the investigation is ongoing.
“Electric Ireland fully appreciates the gravity of this issue and the concern and inconvenience it will create for those affected customers,” the company said in a statement.
“Customers affected by this issue, who may have experienced any fraudulent activity on their financial accounts in relation to data they gave to Electric Ireland, have been asked to contact the company directly.”
Data breaches remain a constant concern for organisations, due to human error, glitches or cyberattackers using compromised employee credentials to access sensitive information.
Last month, a cybersecurity researcher said that more than 520,000 records relating to car seizures conducted by An Garda Síochána were exposed in a data breach.
The researcher said the database belonged to a private contractor based in Limerick and that some of the exposed records appeared to contain full debit card details.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.