Npower scraps app after monetary particulars stolen in information hack – what it’s worthwhile to know

According to Npower, customer accounts were accessed with credentials obtained from other websites – a common technique used by hackers and known as “credential stuffing”. The company will not say how many accounts were hacked, although not all accounts were affected and customers whose accounts were accessed have now been contacted. It is said that data that may have been viewed includes:

  • Personal Information – e.g. contact details, date of birth and address
  • Partial financial information – This includes bank codes and the last four digits of the customer’s bank account numbers – but NOT the full account numbers
  • Contact preferences – E.g. if you prefer to be contacted by email, text or phone call

Npower won’t say exactly when the hack took place, although received an email on February 2nd from the company warning customers that their accounts were suspended after being accessed by a third party. The hack is now also being investigated by the Information Commissioner’s Office (ICO). Npower says it closed its app after the attack and doesn’t intend to restart it as it should close in the coming weeks anyway.

For more information on what to look for, how to protect yourself, and what to do if you are a victim of fraud, see our guide to 30 ways to stop fraud.

Did you say that you are concerned? Change passwords and watch out for suspicious activity

Npower recommends that all customers whose accounts have been accessed change their passwords as a general precaution. However, it is NOT highly recommended to contact your bank unless you notice something unusual on your account. Npower believes there is no risk that customers’ bank accounts will be accessed or fraudulently used with the limited information that has been collected. Please note, however, that theft of personal data increases the risk of fraud.

Action Fraud – the UK’s national fraud reporting service – adds that Npower customers should also consider the following guidelines:

  • Watch out for phishing emails. Criminals can use your personal information to target you with compelling emails, texts, and phone calls. Be suspicious of unsolicited requests for your personal or financial information. If you receive an email that you are not sure about, forward it to the Suspicious Email Reporting Service (SERS) at [email protected]
  • Monitor your bank account. Be vigilant of any unusual activity on your accounts and report any unauthorized transactions to your bank immediately.

Helen Knapman, Assistant Editor – News and Investigations – at said, “More and more crooks are coming online to get their hands on your hard-earned money, either directly or by stealing personal information that could help you them to carry out fraud – and it appears that this is what happened with this npower data breach.

“Everyone, regardless of whether their account has been compromised, should always use different passwords for all their online accounts. If you have trouble remembering them, you can save them in a password manager They can access your bank account, monitor your credit report and see if anyone is submitting false credit applications on your behalf. “

Comments are closed.