The Register reports that Plusnet customers are reporting spam addressed to tagged email addresses used only for Plusnet billing.
The BT-owned ISP, however, is not acknowledging any breach:
Plusnet has conducted a thorough investigation into this issue. Our investigations confirm that Plusnet’s Core Systems and Networks, including our subscriber and billing databases, have been verified and we are comfortable there has been no compromise.
Plusnet takes its obligations regarding our customer data very seriously – we ensure we comply with the guidance of the data protection regulator as well as the requirements of the Data Protection Act. All companies that Plusnet work with are required to ensure data is processed securely and in accordance with the Data Protection Act.
Plusnet will continue to monitor its security controls to ensure all data, including customer data, is protected. If we have any further updates on this we will of course let you know.
Read more on The Register.