The following statement from IBM has been issued by Powergen:
“As a result of the security breach on the web site belonging to Powergen’s Retail Division on 7 July, IBM was commissioned to review the events that led up to the security exposure being created.
“IBM has reviewed the actions taken to date and determined through various assessments and penetration tests that there is no significant risk to the category of data currently held on the machine. Additional security mechanisms are now being deployed to further protect the site.
“The actions taken immediately following the security breach were appropriate to protect customer data from further attack. The details about how the exposure was created, as detailed by Powergen’s retail managing director, Mike Wagner are correct. In particular; the information that had been accessed was in a file which, due to a technical error, was temporarily outside of the security gate of the system but which was not in plain view of any customer using the web site in the normal fashion.
“IBM has made some additional recommendations to Powergen to ensure any human factors that may have had a contributory effect are addressed in the future.
“A detailed technical report has been provided to Powergen based on our findings. Clearly it would not be appropriate to publish the detailed information it contains as this would provide valuable information for any would be hacker seeking to breach the extra security measures we have recommended.” – IBM