U.K. utilities provider Powergen PLC on Wednesday said it had suffered a breach in security that caused sensitive information about its customers to be displayed on its Web site.
A "technical error" resulted in customers' names and credit card numbers being published on Powergen's Web site, the company said in a written statement.
The company immediately took down the Web site when it was informed of the problem by a customer. The online transaction site remained closed after the incident, which the provider blamed on an error that left the file holding customer information "temporarily outside of the security gate of the system."
Customers who pay online are the only ones affected by the problem; there was no breach of the main customer database, the company said.
Although the technical facts behind the problem haven't come out yet, security companies were quick to jump into the discussion.
"Ninety-nine percent of these sort of things are easy to detect with some scanning software," said Douglas Hurd, Network Associates Inc.'s head of business development for northern Europe.
"The routine security audits that should have been done on that machine were obviously not done," he said. "Whether or not customer information should have even been stored on a Web sever is another debate."
Powergen did not return phone calls seeking additional comment.
Powergen, in London, can be reached at +44-20-7826-2826 or on the Web at http://www.powergen.co.uk/.