Endesa hit by major cyberattack in Spain as customer data stolen

by https://inspain.newsElse Beekman
written by https://inspain.newsElse Beekman
Endesa cyberattack

Energy giant Endesa in Spain has been hit by a serious cyberattack. Hackers accessed sensitive customer data such as identity documents and bank details. It is not yet clear how many people have been affected by the data breach.

The company says it has informed potentially affected customers and taken steps. So far, no fraud has been detected. The energy giant serves 10 million customers in Spain. The cyberattack affects customers of both Endesa Energía (free market) and Energía XXI (regulated market). In Portugal, where the company is also active, the breach is not believed to have consequences.

The attack targeted Endesa’s commercial platform. On 4 January, an unknown hacker using the alias ‘Spain’ claimed on the dark web to have stolen more than 1 TB of data from over 20 million customers. Endesa confirmed the breach on 12 January, which occurred despite security measures.

Among other things, the hacker gained access to contact details, identity documents (such as the Spanish DNI and NIE) and IBAN numbers. Endesa stresses that the hackers did not steal customer account passwords.

Measures introduced

Immediately after discovering the leak, Endesa activated all security protocols, blocked the exposed accounts and took additional technical and organisational measures to stop the leak and prevent it from happening again. The company says it has already informed potentially affected customers by email. The company also reported the incident to the Spanish data protection authority (AEPD) and to the authorities.

It remains unclear how the attack was able to happen and who is behind it. Services are running normally; the investigation is ongoing, but the company is staying alert for suspicious activity.

Endesa warns of possible fraud

So far there are no indications that the hackers have acutally misused the stolen data. However, Endesa warns customers about possible risks and phishing, spam or identity theft. Malicious actors could impersonate the energy company, for example via emails or text messages.

Endesa advises customers to remain alert to suspicious communications and never to share personal data via unreliable channels. If you think you may be dealing with a suspicious situation, report it immediately to the freephone number (+34) 800 760 366.

Beware of malware disguised as Endesa: Grandoreiro campaign unleashed

You may also like

Amazon investment in Spain: €18bn more for Aragón...

Spain UK bases Iran: why Madrid said no...

Spain brown bear return to León, Zamora and...

Barcelona’s tech week is back — and this...

A messy week of weather is back on...

Spain’s cost-of-living fight moves into campaign mode

When a film gala turns into a political...

DGT 33 new speed cameras: the warning letters...

AESAN coconut sugar alert: Auchan product recalled over...

Spain warns citizens after Iran strikes as around...