Endesa Energy has confirmed a cyberattack on its trading platform that has exposed critical information of millions of customers. The breach includes identity documents, bank accounts and data from electricity and gas contracts, which places those affected at risk of fraud and identity theft.
What exactly happened. A cybercriminal managed to circumvent the security measures of Endesa’s commercial platform and access sensitive customer information related to their energy contracts. As the company has acknowledged in communications sent to those affected, contact information, ID numbers and bank account IBANs would have been extracted during the security breach. The company states that access passwords have not been compromised.
The magnitude of the incident. The hacker responsible, who identifies himself as “Spain,” posted details of the attack on January 4 on BreachForums, a popular forum on the dark web, claiming to have obtained more than 1 TB of information corresponding to more than 20 million people, as reported by the outlet Escudo Digital. The cybercriminal told this outlet that he had gained access in less than two and a half hours, and has gone so far as to leak data samples from a thousand clients to demonstrate the authenticity of the stolen information.
What type of data is at stake. The hacker claims to have obtained basic personal data (names, surnames, postal addresses and contact information), financial information (IBAN, billing data and account history), energy data (CUPS, active electricity and gas contracts, supply point information) and regulatory data.
The risks for clients. Although Endesa considers it “unlikely” that the theft will result in “a high-risk impact on the rights and freedoms of users,” the company warns of several real dangers in its official statement. Cybercriminals could try to impersonate customers, post the data on digital forums, or use it for phishing and spam campaigns.
Josep Albors, Director of Research and Awareness at ESET Spain, explains that “the risk does not end with the notification of the breach” and that the exposed information can be reused for months or years to launch targeted fraud.
Endesa’s response. The energy company has taken almost a week to publicly acknowledge the incident since the leak became known. The company claims to have immediately activated security protocols, blocked compromised access and notified the competent authorities of the case.
In addition, it has set up telephone lines to answer questions: 800 760 366 for Endesa Energía customers and 800 760 250 for those of Energía XXI, its distributor in the regulated market. We have contacted the company for more information and will update the article if there is news.
What should those affected do? The problem with this security breach is that the data will surely be used for phishing and targeted spam campaigns. As ESET explains, the first thing those affected should do is distrust any communication that appears to come from Endesa and includes links, attachments or urgent requests, and always contact the company through official channels.
This has not been the case, but it never hurts to review bank accounts frequently to detect unauthorized movements and to change passwords, even though the company claims they have not been compromised, enabling two-factor authentication whenever possible. Free and useful websites like “Have I Been Pwned” let us check whether our data has appeared in other known breaches by entering our email address.
The extortion attempt. According to Escudo Digital, the hacker has tried to negotiate directly with Endesa by email, although so far he has not set a specific ransom figure. The cybercriminal, who says he is not affiliated with any known ransomware group, has received offers from third parties of up to $250,000 for half of the database, although he claims not to have sold anything yet. “I prefer to wait for Endesa to decide,” he told the outlet.
A worrying trend. As the newspaper Expansión reports, this attack places Endesa on the growing list of large Ibex 35 companies that have suffered cyberattacks in recent months. Companies such as Iberdrola, Iberia, Repsol and Banco Santander have been victims of similar incidents that have compromised customer data. And they have not been the only ones, since cyberattacks and data leaks are now much more common. In the case of Endesa, it seems we will have to wait for the company to offer more information on the matter.