Hackers attack npower’s app exposing customers’ data

The hack accessed customers’ accounts using login data obtained by other websites

The Big Zero report

Energy firm npower has closed its app following an attack that exposed customers’ data.

npower said customers’ accounts were accessed using login data obtained by other websites.

It added not all accounts were affected and customers whose accounts were accessed have already been contacted.

The energy firm said it does not intend to relaunch the app as it was due to close in the coming weeks.

An npower spokesperson said: “We immediately locked any online accounts that were affected, blocked suspicious IP addresses and deactivated the npower app.

“We have also notified the Information Commissioner’s Office and Action Fraud. Protecting customers’ security is our top priority.”

John Vestberg, President and Chief Executive Officer of the network security company Clavister, said: “The npower app breach shows that no matter how prepared a company thinks they are, cybercriminals will always try to get the upper hand by taking advantage of the weak spots you didn’t know you had.

“Contact details, birth dates, addresses and partial bank account numbers are believed to have been stolen which is worrying at the best of times, but especially during a pandemic where most employees are remote working.”

If you enjoyed this story you can sign up to our weekly email for Energy Live News – and if you’re interested in hearing more about the journey to net zero by 2050, you can also sign up to the future Net Zero newsletter. 

Latest Podcast