Hackers post Elexon executives’ passports on dark web

Matthew Farmer 9 June 2020 (Last Updated June 9th, 2020 17:43)

Executives at UK power trader Elexon have seen copies of their passports posted online by hackers looking to extort money from them.

Elexon takes hundreds of power readings a day, but its operations were not directly affected.


Elexon runs the UK’s Balancing and Settlement Code, a method of matching electricity production with predicted volumes.

On 14 May, the company announced its internal computer systems were affected by a cyberattack. It did not give any further details but did say most operations were unaffected. Meanwhile, company staff were unable to send emails until the “root cause” was identified later in the day.

The company’s internal data was stolen by cyber infiltrators using REvil (also known as Sodinokibi) malware. However, the company has not given details of how this programme gained access to its system. Elexon has said no customer data was compromised by the hackers, and the public is not at risk.

In a statement, the company reassured customers that the balancing and settlement systems known as BSC Central Systems were unaffected.

It said: “There are no communications link or data traffic between the BSC Central Systems and the internal Elexon network which was impacted by this incident. The security of the BSC Central Systems is integral to the design and operation and at this time security has been further enhanced.”

Elexon is hackers’ second energy target this year

Elexon’s data is now being held to ransom, with the infiltrators posting copies of documents on the dark web. Computer Business Review reported this includes the passport of Elexon director of customer operations Victoria Moxham.

Internal communications were also posted, including messages concerning the data breach itself. This means the intruders continued copying documents after the breach was initially discovered.

In March, the company was reported to be running an unpatched Pulse Secure VPN server, a known target for cyber-criminals. In the same month, European high-voltage power networks were infiltrated, as confirmed by transmission network operator ENTSO-E.

Elexon handles around £1.7bn of power producers’ transactions every year. The company has not yet replied to requests for comment.