Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
In late February, it was revealed that some customers of energy company Npower had suffered hacks of their accounts via the customer app that affected its users’ private data. The company has not put a number on the victims affected, but it is believed that the attack took place in early February, after which those affected were notified of their involvement. It is currently understood that Npower is not to blame for the hack, with no evidence that the company has breached data protection law. We will outline how the hacks happened in this article. Nevertheless, those with hacked Npower accounts are at immediate risk of fraud, with criminals targeting accounts to try to break into them as opposed to successfully breaking into Npower’s own servers and systems.
As advocates of data security, we believe it is important to highlight the risks Npower app users have been exposed to, even where the company is found to not be at fault for what has happened. Even if you have not been affected by the cyberattack, it still offers a valuable lesson about the risks of data exposure and the actions we can take as individuals to protect our personal data, and how criminals can target accounts to break into them.
Though the exact nature and scale of the attack have not been revealed, customers have been informed of the data that has been stolen from their hacked Npower accounts, which can include:
Following the attack, Npower closed down the app and has chosen to keep it shut down, given that they were intending to deactivate it only weeks after the hack occurred in any event. This sensible course of action has hopefully helped to prevent more information misuse.
The ICO is investigating the issue over hacked accounts, but Npower has already identified the type of attack. The hackers used a technique called credential stuffing, which involves inputting login details, often exposed from other websites and accounts, to see if access can be granted where people re-use credentials on more than one site. As such, the breach highlights how important it is for consumers to use as many different passwords as they can across their online accounts.
We understand that this can be difficult, given that many of us have dozens of accounts with different companies, but you do not want to put yourself at risk of having all your accounts hacked simply because one password has been stolen or exposed. Those with hacked Npower accounts are now at risk of information misuse, and need to watch out for scam calls, phishing emails and unauthorised transactions on their accounts.
While you cannot entirely prevent risks such as this, it is important to make it more difficult for fraudsters to target you by making your passwords as secure as possible.
Anyone with hacked Npower accounts should take immediate action to secure their other accounts and passwords where necessary. In fact, credential stuffing is a common form of hacking technique which all of us should remain conscious of when setting up online accounts. Anyone who has fallen victim to this hack may well have their credentials already exposed and should check all their accounts and secure them with strong and unique credentials on each platform. Make use of multi-factor authentication and login event notifications too.
As advocates of data security, we have helped many claimants to recover compensation for breaches of data privacy. Where the law has been breached, this is can be a victim’s next step in taking action to ensure those responsible are held to account.
If you need advice on a potential compensation claim, call us today for free or register your details for a call-back.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020