Blog Post

Cyber attack forces Npower to permanently withdraw its mobile app

Richard Simmonds • Mar 01, 2021

 A cyber attack has forced Npower to withdraw its mobile app permanently after hackers used it as a way to gain access to the energy supplier’s sensitive customer details.

Energy companies a prime target

The breach resulted in hackers gaining access to names, addresses, bank sort codes and the last four digits of bank accounts. 

The attack has left Npower’s customers wide open to fraud forcing the company to issue warnings that customers may see a rise in fake calls and emails seeking sensitive information.

According to cybersecurity experts, the security breach took place at the start of February with hackers targeting the company’s app to gain access to sensitive data, a move the experts say has left Npower customers wide open to fraud. 

An Npower spokesperson revealed that the affected accounts had been locked but did not disclose how many were impacted. The company has permanently withdrawn the mobile app and stated that it will not be reissued. Customers can still access their accounts via their website.
 
“We identified suspicious cyber activity affecting the Npower mobile app, where someone has accessed customer accounts using login data stolen from another website. This is known as credential stuffing. We’ve contacted all affected customers to make them aware of the issue, encouraging them to change their passwords and offering advice on how to prevent unauthorised access to their online account,” 

'We’ve contacted all affected customers to make them aware of the issue, encouraging them to get advice on how to prevent unauthorised access to their online account. We immediately locked any online accounts that were potentially affected. We also notified the Information Commissioner’s Office [ICO] and Action Fraud. Protecting customers’ security and data is our top priority,” said the spokesperson.


The implications

Cyberattacks are particularly damaging for energy supply companies due to the sheer amount of data they process and the need for confidence from their customers.


Cyberattacks do massive harm to reputations as well as shake confidence that a customer’s data is safe.



With this breach included sort codes and customer bank account numbers it leaves customers dangerously exposed to being targeted by fraudsters. Customers will now have to be particularly wary of any phone calls or emails claiming to be from Npower. The risks from Phishing emails in particular will be high.


They will also have to pay close attention to their bank statements for signs of any unusual activity. The hackers also likely have the passwords and usernames for all customers impacted which means they have had free reign to access accounts at will. All impacted customers should change their passwords asap.


Also read: Energy Supply companies most vulnerable to cyberattack says report

How to avoid falling victim

Energy suppliers need to be cyber secure if they are to thrive and survive in the energy market. A data breach can be massively damaging as well as highly disruptive to operations that will cost time and money to amend.


Effective cybersecurity doesn’t have to be expensive as many of the risks can be mitigated by implementing some basic steps.


Targeted attacks like the one suffered by Npower are trickier to combat but often hackers are seeking easy prey and as such most likely discovered a weakness in the company’s app security. Rigorous testing of internet facing apps is essential to discovering any vulnerabilities.


Dyball Associates will keep you informed of the latest changes and our team of energy market consultants can guide you through the steps to enter the UK energy market. Whether you’re looking for electricity and gas systems or support on starting an energy supply company, Dyball Associates can help.

Further Reading

How can smaller energy suppliers be competitive?


Prime Minister announces Covid-19 lockdown easing roadmap: What does it mean for energy suppliers?


Challenger Energy Suppliers should improve their mobile experiences says new report


Dyball Associates are proud to help new supply businesses successfully launch in the UK market.

 

Through our energy market consultancy services, and the software we've developed, we're supporting new UK electricity and gas suppliers get set up and start supplying.


Follow us on 
LinkedIn to keep up to date with the latest news and updates in the energy industry.


Contact Us

More articles

Latest News

White label
By Richard Simmonds 24 Nov, 2021
We take a look at white labelling and why it could be a good source of revenue for your business.
dim bulb
By Richard Simmonds 23 Nov, 2021
The ongoing energy crisis has claimed its biggest victim as the UK’s seventh largest energy supplier, Bulb announced that it has entered administration.
investigate
By Richard Simmonds 22 Nov, 2021
Two of the UK’s largest energy supply companies could be investigated by Ofgem and possibly face fines of up to 10% of their revenue after being accused of breaching price cap rules by overcharging customers by hundreds of pounds.
More Posts
Share by: