UK energy utility Npower is said to “urgently investigating” how it sent out a mass postal mailing which shared the personal details of around 5000 customers.
The letters went to a wrong mailing list and were a quarterly statement for customers who have rooftop solar. While they did not include bank details, they did provide people’s names, addresses, and payment amounts
Npower has informed the UK’s Information Commissioner’s Office of the data breach.
David Emm, Principal Security Researcher at cybersecurity and data expert Kaspersky Lab, said that “it’s promising to see that Npower has apologised to affected customers, informed the Information Commissioner’s Office and is urgently investigating the cause of the mix-up”.
He added: “Customers that entrust private information to the care of a business should be safe in the knowledge that their data is being kept in a secure manner.” He said Npower customers “will doubtless be anxious that Npower gets to the bottom of this issue and that there’s no repeat in the future.
“Blunders of this sort, along with the rights and responsibilities associated with of GDPR, offers customers a way to call into question exactly what data is being held on them – and what it’s being used for, which will also reduce the likelihood of it falling into the wrong hands.
“Consumers should value their data as much as the money in their wallets and purses, and – like they would their physical possessions – take steps to protect it. Being vigilant online – whether using a work computer, home laptop, mobile or tablet device – should be second nature, but it often isn’t. Undertaking simple steps, like regularly changing passwords, reviewing default settings on social media and using anti-virus software across all devices can significantly help to protect data.”