In a privacy notice on Endesa‘s website, the company said hackers accessed its commercial platform and obtained customer contract information including identification and payment data. The provider and its operator Energía XXI are notifying customers and serve more than 10 million in Spain and Portugal with about 22 million clients in total.
KEY FACTS
- Incident Unauthorized access to the commercial platform and contract data
- Data exposed Identification, contact information, national ID numbers (DNI), contract records, payment details including IBANs
- Scale The group serves over 10 million customers in Spain and Portugal and about 22 million clients overall
- Response Internal accounts blocked, logs exported, monitoring increased, notifications under way
Accessed data types include basic identification details, contact information, national identity numbers (DNI), contract records, and payment details including IBANs. Account passwords were not exposed.
Access to compromised internal accounts was blocked and log records were exported for analysis. Notifications are being sent to affected customers and monitoring was increased to detect further suspicious activity.
The Spanish Data Protection Agency and other relevant authorities were notified and an investigation remains ongoing. There is no evidence so far of fraudulent use of the affected data.
Threat actors published samples described as stolen data and offered an alleged dataset of about 1 TB of SQL databases for sale to a single buyer. The seller claimed roughly 20 million records, a number that aligns with the types of data described in the notice. A spokesperson limited comments to the official statement.
WHY IT MATTERS
Exposed personal and payment information raises the risk of identity impersonation, financial fraud and targeted phishing. Affected customers should monitor account activity and follow the reporting instructions provided in the notification.