Npower data breach

on 26 Feb 2021 | by Simon Chadwick

Personal data stolen

Npower has notified customers of a data breach that affected some users of its app. Contact details, birth dates, addresses and partial bank account numbers are among details believed stolen. The power supplier has now closed down the app completely, although it was scheduled to be withdrawn soon anyway due to the company’s acquisition and merger into Eon.

Npower has not revealed how many customers have been affected, but it has stated that the unauthorised access occurred via "credential stuffing", which is when criminals use login details exposed in unrelated breaches and try their luck with other companies. The hackers would be able to enter any account where somebody was reusing the same password for Npower. This stands as yet another stark example of why it’s vitally important to not reuse passwords.

Npower has notified the Information Commissioner’s Office and also emailed people known to have been affected. If you have been affected, make sure you change your password on other accounts if you’re reusing it elsewhere, and monitor your bank account for suspicious activity.

Don't make it easy for hackers

When you see computer hackers in films, you tend to see somebody in a dark room bathed in neon lighting, typing furiously while green code whizzes across a screen, muttering technobabble like "I’m going to revert the mainframe configuration and upload the quantum superflex to the hyperloop". In reality, most hacks occur with someone going online, finding a spreadsheet with leaked login details, and then seeing if they happen to work anywhere else. Most hacks rely on human error rather than sophisticated computer wizardry. If you want to stay safe online, you can take very simple steps like not reusing your password to make yourself less of a target.

The 2018 Npower data breach

This is not the first security breach affecting Npower users. In September 2018, the personal details of around 5,000 customers including names, addresses and payment details were mailed to the wrong account holders. Customers who received letters in the post were surprised to see the private information of other customers included in their correspondence. The envelopes contained the quarterly statement for people who have solar panels on their roof and detailed the amount of money they would receive as part of the feed-in tariff scheme.

If you were affected in the Npower 2018 breach, you may be entitled to compensation. Find out if you’re eligible to make a claim by using our quick checker below.

23/10/2021 04:47:00