British Gas has already notified 2,200 customers about the data breach, and data belonging to 1000 of its customers has been exposed online.
Email addresses and account passwords were among the client records that were exposed online; the account information was uploaded to the internet text-sharing platform Pastebin.
The business said that based on their research, they are positive that British Gas is not the source of the information that surfaced online.
Security experts believe that someone may have used customer account information from British Gas to test other data breaches and get access to enterprise accounts.
Source: https://securityaffairs.com/41558/cyber-crime/british-gas-data-breach.html
TPRM report: https://scoringcyber.rankiteo.com/company/british-gas
"id": "bri1212261023",
"linkid": "british-gas",
"type": "Data Leak",
"date": "10/2015",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 2200,
'industry': 'Energy',
'location': 'United Kingdom',
'name': 'British Gas',
'type': 'Company'}],
'attack_vector': 'Credential Stuffing',
'customer_advisories': ['Customer Notification'],
'data_breach': {'number_of_records_exposed': 1000,
'personally_identifiable_information': ['Email addresses'],
'type_of_data_compromised': ['Email addresses',
'Account passwords']},
'description': 'British Gas has notified 2,200 customers about a data breach '
'where data belonging to 1,000 customers was exposed online. '
'Email addresses and account passwords were among the client '
'records that were exposed on the internet text-sharing '
'platform Pastebin. The business believes that British Gas is '
'not the source of the information that surfaced online. '
'Security experts suggest that customer account information '
'from British Gas might have been used to test other data '
'breaches and gain access to enterprise accounts.',
'impact': {'data_compromised': ['Email addresses', 'Account passwords']},
'motivation': 'Unauthorized Access',
'response': {'communication_strategy': ['Customer Notification']},
'title': 'British Gas Data Breach',
'type': 'Data Breach'}