Npower customers told to check bank accounts as it shuts down app after hackers steal financial details
NPOWER customers have been warned to check their bank accounts after crooks hacked the energy giant’s app to steal financial details.
Hackers accessed customer accounts by using stolen login data from other websites to get into Npower’s app, which has been shut down.
who revealed the breach, reports Npower emailed customers on February 2 to warn that their accounts had been locked following third-party access.
The consumer website said customers should monitor their bank accounts for suspicious activity.
Npower said data that may have been viewed includes:
- Personal information, such as contact details, date of birth and address
- Some financial information, such as sort codes and the last four digits of bank account numbers (the full account number has not been accessed though)
- Contact preferences, such as whether you like to be contacted by email, text or phone call
How to protect yourself from fraud
USE the following tips to protect yourself from fraudsters.
- Keep your social media accounts private – Think twice before you your share details – in particular your full date of birth, address and contacts details – all of this information can be useful to fraudsters.
- Deactivate and delete old social media profiles – Keep track of your digital footprint. If a profile was created 10 years ago, there may be personal information currently available for a fraudster to use that you’re are not aware of or you have forgotten about.
- Password protect your devices– Keep passwords complex by picking three random words, such as roverducklemon and add or split them with symbols, numbers and capitals.
- Install anti-virus software on your laptop and personal devices and keep it up to date – This will make it harder for fraudsters to access your data in the first place.
- Take care on public Wi-Fi– Fraudsters can hack or mimic them. If you’re using one, avoid accessing sensitive apps, such as mobile banking.
- Think about your offline information too – Always redirect your post when you move home and make sure your letter or mailbox is secure.
Npower didn’t confirm how many accounts were accessed, but said not all have been affected.
It said affected customers have already been contacted and have been urged to change their passwords.
An Npower spokesperson said: “We immediately locked any online accounts that were potentially affected, blocked suspicious IP addresses and took down the npower app.
“We also notified the Information Commissioner’s Office and Action Fraud.
“Protecting customers’ security and data is our top priority and our robust defences helped us to identify this recent attack.
“It’s important we all continue to stay secure online and urge customers to avoid reusing the same password across multiple websites.”
Customers have been told to log in to their accounts through .
Npower said the app would not be relaunched, as it was due to be taken down soon as part of the company’s winding down plans.
MoneySavingExpert assistant news and investigations editor Helen Knapman said: “If you're concerned your data may have been accessed, monitor your bank account and also keep an eye on your credit report to see if someone is making false applications for credit in your name.”
Action Fraud has advised customers to take certain steps if they have been told their accounts were compromised.
Customers should:
- Secure their passwords by changing them
- Monitor their bank account
- Be alert for phishing emails
- Report a fraud if you think you’ve fallen victim to a scam by contacting your bank immediately
Action Fraud added victims of fraud need to report the incident to Action Fraud online at or by calling 0300 123 2040.
Most read in Money
Brits are being warned about fraudsters signing up for buy now, pay later services in their names.
READ MORE SUN STORIES
Martin Lewis warned that a viral scam claiming to be from him and Action Fraud is actually fake.
Here’s our guide to spotting Covid jab scams so you don’t get conned.