Customer email addresses exposed in E.On email blunder


E.On has apologised after an automatic mass email inadvertently sent customers the addresses of hundreds of other customers at the energy supplier.

The messages, which held requests for energy consumers’ meter readings, should have been delivered to each individual customer. However, each email also bore the details of a further 497 E.On customer names.

The security breach was down to a “system error” that was spotted “within minutes” of the incorrectly addressed emails being sent, E.On said last week. Meanwhile, potential victims of the breach spoke of their intention to report the energy firm to the Information Commissioner’s Office (ICO), with many placing warnings on support forums on the company’s website.

In an official response, the firm said it had issued an apology “for an error which happened when an email was sent to a limited group of customers requesting meter readings.” The firm said it was reaching out to customers who had flagged up their alarm about the mistaken data share.

E.On also underlined that no account data or financial information had been caught up in the gaff, stating:

“An internal investigation is under way, and the appropriate authorities will be notified where required.”

Founder of cyber-security firm, Egress Technologies, Tony Pepper, said he understood the concern felt by E.On customers fearing that their personal data was being passed without authorisation.

Speaking to the BBC, Mr Pepper said:

“E.On has a duty of care to protect such information from any risk of falling into the wrong hands, so it will be interesting to see what they intend to do to resolve the slip-up. This is a simple but sometimes devastating mistake to make.”

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.