Executives at UK power trader Elexon have seen copies of their passports posted online by hackers looking to extort money from them.

Elexon runs the UK’s Balancing and Settlement Code, a method of matching electricity production with predicted volumes.

On 14 May, the company announced its internal computer systems were affected by a cyberattack. It did not give any further details but did say most operations were unaffected. Meanwhile, company staff were unable to send emails until the “root cause” was identified later in the day.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The company’s internal data was stolen by cyber infiltrators using REvil or Sodnokibi malware. However, it has not given details of how this programme gained access to its system. Elexon has said no customer data was compromised by the hackers, and the public is not at risk.

In a statement, the company reassured customers that the balancing and settlement systems known as BSC Central Systems were unaffected.

It said: “There are no communications link or data traffic between the BSC Central Systems and the internal Elexon network which was impacted by this incident. The security of the BSC Central Systems is integral to the design and operation and at this time security has been further enhanced.”

Elexon is hackers’ second energy target this year

Their data is now being held to ransom, with the infiltrators posting copies of documents on the dark web. Computer Business Review reported this includes the passport of Elexon director of customer operations Victoria Moxham.

Internal communications were also posted, including messages concerning the data breach itself. This means the intruders continued copying documents after the breach was initially discovered.

In March, the company was reported to be running an unpatched Pulse Screen VPN server, a known target for cyber-criminals. In the same month, European high-voltage power networks were infiltrated, as confirmed by transmission network operator ENTSO-E.

Elexon handles around £1.7bn of power producers’ transactions every year. The company has not yet replied to requests for comment.