This report is yet to be verified, however a better question to ask is whether or not Plusnet has started using 2-factor authentication and if not, why not? Passwords by themselves will always be the weak link, because non-technical users (i.e. the majority) will default to using words and phrases that they can remember, which often is a family name. This is easy for hackers to exploit and more attention needs to be taking care of the basics.
Plusnet is still giving out passwords to its users in plain text, according to media sources. The Register reported the fact that the telecommunications company, which is owned by BT, has ignored the advice and warnings of security experts and GCHQ, the UK's signals intelligence agency by continuing to send their forgetful users passwords back to them in plaintext and not hashing or salting them