Spanish Energy Giant Endesa Confirms Breach as Data Appears on Dark Web

Endesa Energia, a subsidiary of the Spanish top energy provider, Endesa, S.A., has confirmed a data breach because of a cyberattack. The hack exposed some sensitive data belonging to many people, although the company has not disclosed the exact number.

The firm has also started informing its customers via email of the data breach and potential impersonation scams that could follow.

Endesa Notifies Customers of Data Breach

Spain’s largest electric utility firm, Endesa, and its operator, Endesa Energia, have notified customers and the public of the recent data breach of its commercial platform. Notably, the breach affected customers of Endesa Energia.

According to its statement, the company noted that it discovered unauthorized and illegitimate access to some personal data of its customers, which is related to their energy contracts.

Further, the energy utility provider explained the possibility of the hacker accessing and exfiltrating basic identification data, national identity card numbers, and contract information. Other intercepted data include customers’ payment details and contract details with Endesa Energia.

The energy company said it has found no evidence that attackers tampered with the breached data or sold it on the dark web.

However, this is a common initial finding that often precedes dark web exposure, as seen in other major breaches like the recent Qantas incident, where stolen data was later confirmed for sale following a cyberattack.

Threat Actor “Spain” Claims Responsibility for Endesa’s Data Breach

A threat actor, with the pseudonym “Spain,” has claimed to be responsible for the recent cyberattack on Endesa Energia’s data system. The hacker is allegedly trading both new and old unique databases comprising over 20 million persons.

This is the latest in a series of massive data exposures in the country, following the recent arrest of a teenager in Spain for the alleged dark web sale of a database containing the personal information of 64 million citizens.

The dataset, which reportedly amounts to about 1.05 terabytes of SQL files, contains sensitive information such as national IDs, addresses, and electricity and gas contract details. The exfiltrated files also contain financial data like IBANs, customers’ billing records, account history, and other financial changes.

The breached data also included energy data, such as CUPS (Unique Supply Point Identifier), supply point data, and details on incidents’ history.

Endesa Flags Investigations and Implements Containment Measures

Following the recent breach, Endesa Energia has taken some internal containment measures to ward off further damage to its customers and business. It activated technical and organizational processes to halt further unauthorized access and to safeguard its remaining data and internal system.

The measures include instant blocking of compromised customer access, log record analysis, and notification to all affected clients. Also, the firm initiated special continuous surveillance of its internal systems in readiness to identify any suspicious action.

Moreover, the company will conduct an internal review of the severity of the cyberattack, financial losses, and the implications for the company and its customers. The company’s investigation will also extend to its business partners for the purpose of gaining additional insight into the cyberattack.

Endesa has further followed applicable compliance regulations by notifying relevant authorities, including the Spanish Data Protection Agency and other data watchdogs.

Endesa Energy told affected customers via email that the data breach is not expected to impact users’ rights and freedoms. It warned individuals to beware of any suspicious communication and impersonation from scammers who may plan to take advantage of the situation to scam them.