What data was stolen from Endesa Energia in the cyberattack?

Contact details, ID cards, contract data, and payment information like IBAN numbers were stolen. Passwords were not compromised.

Is there a risk of phishing after the Endesa breach?

Yes, Endesa warns that stolen data may be used for phishing and impersonation attacks. Customers should be vigilant.

How many people were affected by the Endesa Energia cyberattack?

The exact number of affected individuals is not disclosed, but a database with 20 million records allegedly from the breach is for sale.

Home / Technology / Endesa Data Breach: 20 Million Records for Sale?

Endesa Data Breach: 20 Million Records for Sale?

13 Jan

•

Summary

Endesa Energia confirmed a cyberattack leading to sensitive customer data loss.
Payment information, including IBANs, was stolen but passwords remained secure.
A database with 20 million records allegedly from the breach is offered for sale.

Endesa Data Breach: 20 Million Records for Sale?

Endesa Energia, a major European energy provider's retail arm, has revealed it was the target of a cyberattack. The incident resulted in unauthorized access to its commercial platform, leading to the theft of sensitive customer information. The company stated that while security measures were in place, attackers managed to access and exfiltrate data including contact details, ID cards, and contract information.

Critically, payment details, primarily IBAN numbers, were also compromised during the breach. However, Endesa assured customers that passwords were not taken, meaning direct account access by the attackers is unlikely. A thorough investigation is currently underway, and affected customers have been notified.

Adding to the concern, a database purportedly containing 20 million records from this breach has been discovered for sale on the dark web. Endesa has issued a strong warning to customers, advising them to be vigilant against potential phishing attacks and impersonation attempts using the stolen data.