The certificateless public key cryptosystem not only reduces the high cost of public key management, but also eliminates the private key escrow problem. The cloud-based smart grid data management system can release the burden of big data storage in power enterprises. Provable data possession (PDP) can ensure the integrity of data stored in the cloud with a high probability. Recently, a certificateless public PDP scheme with privacy preserving for cloud-based smart grid data management system was proposed. However, we find the scheme insecure. We give two concrete attacks to the scheme - the first attack shows that a malicious cloud storage provider (CSP) can forge a valid tag of any file block modified at his will, and the second one shows that CSP can produce a valid proof without storing any file blocks. Then, we point out the flaws in their proof and the key reason why their scheme is insecure.