"Spanish energy giant Endesa is warning customers about a data breach after a cybercrim claimed to have walked off with a vast cache of personal information allegedly tied to more than 20 million people. Endesa is Spain's largest electricity utility and a subsidiary of Italy's Enel Group, supplying power and gas to millions of homes and businesses across the Iberian Peninsula."
"In a notice tucked away on its website, Endesa said it uncovered "unauthorized and illegitimate access" to a commercial platform used to manage customer information, prompting the activation of its incident response procedures and an internal investigation. The company said it acted "immediately" to contain the intrusion, but acknowledged that attackers were able to access and potentially exfiltrate "certain personal data of our customers related to their energy contracts" before the door was shut."
"The information involved may include identifying and contact details, national identity numbers, and contract-related data, with some customers' bank account numbers (IBANs) also potentially exposed. Endesa said passwords were not accessed, a small mercy that may head off mass account takeovers, but one that offers little reassurance to customers whose ID and banking details could now be doing the rounds."
Endesa disclosed unauthorized access to a commercial platform that manages customer information and activated incident response procedures and an internal investigation. The company said it acted immediately to contain the intrusion but acknowledged attackers accessed and potentially exfiltrated certain personal data related to energy contracts before containment. The exposed data may include identifying and contact details, national identity numbers, contract-related data, and some customers' bank account numbers (IBANs); passwords were not accessed. Affected customers have been notified and the incident has been reported to the Agencia Española de Protección de Datos under GDPR. A threat actor claims a 1.05 TB database of over 20 million records.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]