Npower has been forced to withdraw its mobile app permanently after hackers used it to gain access to sensitive customer details.
The stolen data included the sort codes and account numbers of Npower customers’ bank accounts.
The hack took place around the beginning of February and has left Npower’s customers “wide open to fraud”, according to cybersecurity experts.
The company said it has contacted the affected customers, but refused to say how many have been affected in total.
The hack is the latest setback for parent company E.ON, which took over the firm two years ago.
E.ON enraged its customers in December when the company took direct debit payments from their accounts 11 days early and refused to process refunds until after Christmas.
E.ON’s app then stopped working for around two weeks at the end of January, preventing customers from accessing their accounts and inputting meter readings.
Npower said that customers will now have to use its website to access their accounts as a result of the latest hack, and that the app will not be reinstated.
An Npower spokesperson said: “We identified suspicious cyber-activity affecting the Npower mobile app, where someone has accessed customer accounts using login data stolen from another website.
“We’ve contacted all affected customers to make them aware of the issue, encouraging them to get advice on how to prevent unauthorised access to their online account. We immediately locked any online accounts that were potentially affected. We also notified the Information Commissioner’s Office [ICO] and Action Fraud. Protecting customers’ security and data is our top priority.”
Ray Walsh, a cybersecurity expert, said that any Npower customer who has used the app in the past should now check their bank statements for any unusual payments.
“The breach included sort codes and the last four digits of customer bank account numbers, leaving them wide open to fraud,” said Walsh. “Hackers now have access to all the user credentials and passwords from the Npower app, which means that consumers must change the passwords of any accounts that use the same details.
“The probability that consumers will also now receive phishing emails is high, so it is essential that consumers watch their inboxes carefully for any emails that coerce them into following links or ask for personal information.”