- Endesa Energia suffered from unauthorized access and exposed customer data and IBAN numbers
- Hackers reportedly sell 20 million records, 1TB SQL files, on dark web
- Company warns of phishing, risk of impersonation; investigation underway
Endesa Energia, the retail arm of one of Europe’s largest energy providers, Endesa, SA, has confirmed that it has recently suffered a cyber attack that saw it lose sensitive data on an unknown number of people.
In a press release, published in Spanish on the company’s website, Endesa Energia said it detected “unauthorized and illegitimate access” to its commercial platform.
“Despite the security measures implemented by this company”, the unnamed threat actors managed to access and exfiltrate certain personal data belonging to the company’s customers, including contact data, ID cards and data related to Endesa Energia contracts. Even more painfully, the attackers stole payment information (mostly IBAN numbers), but passwords were not taken, so the hackers would not have access to people’s accounts.
Data for sale
A full investigation is currently underway, but to address the incident, Endesa Energia removed the hacker from its systems, analyzed the logs to see how much damage had been done, and notified affected customers.
We don’t know exactly how many people are affected by this breach, but Spanish law enforcement and data watchdogs were also notified.
So far, there is no evidence that the data has been misused or sold on the dark web, the announcement further explains. However, Bleeping Computer found a database for sale on the dark web that appears to come from this incident.
In a recent thread on an underground forum, a cybercriminal is offering the database, which allegedly contains 20 million records, to a single, exclusive buyer. The ad says the database contains about 1TB of SQL files.
Endesa warns that crooks may try to “impersonate or impersonate” the users, publish the data or use it in phishing attacks. “Therefore, we recommend that you pay particular attention to possible suspicious communications that you may receive in the coming days and that you report any irregularity or mistrust that you may discover in this regard,” the machine-translated message reads.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
