Energy firm npower has closed its app following an attack that exposed customers’ data.

npower said customers’ accounts were accessed using login data obtained by other websites.

It added not all accounts were affected and customers whose accounts were accessed have already been contacted.

The energy firm said it does not intend to relaunch the app as it was due to close in the coming weeks.

An npower spokesperson said: “We immediately locked any online accounts that were affected, blocked suspicious IP addresses and deactivated the npower app.

“We have also notified the Information Commissioner’s Office and Action Fraud. Protecting customers’ security is our top priority.”

John Vestberg, President and Chief Executive Officer of the network security company Clavister, said: “The npower app breach shows that no matter how prepared a company thinks they are, cybercriminals will always try to get the upper hand by taking advantage of the weak spots you didn’t know you had.

“Contact details, birth dates, addresses and partial bank account numbers are believed to have been stolen which is worrying at the best of times, but especially during a pandemic where most employees are remote working.”