Spanish Energy Giant Endesa Discloses Data Breach Affecting Customers

Spanish energy provider Endesa and its Energía XXI operator are notifying customers that hackers accessed the company's systems and accessed contract-related information, which includes personal details.

Endesa is the largest electric utility company in Spain, now owned by Enel Group, that distributes gas and electricity to more than 10 million customers in Spain and Portugal. In total, the company says it has about 22 million clients.

The energy company notified its Energía XXI affected customers affected by the breach and also disclosed the security incident publicly, saying that it detected unauthorized access to its commercial platform.

"Despite the security measures implemented by this company, we have detected evidence of unauthorized and illegitimate access to certain personal data of our customers related to their energy contracts, including yours," the company says.

The investigation so far indicates that the hackers had access to the following data types:

Both Energía XXI and Endesa specified that the security incident has not exposed account passwords.

In response to the situation, the company blocked access to compromised internal accounts, dumped log records for analysis, and is currently in the process of notifying all customers. Moreover, elevated monitoring has been established to detect further suspicious activity.

As the investigation is still underway, the firm has notified the Spanish Data Protection Agency and all pertinent authorities in the country.

"As of the date of this communication, there is no evidence of any fraudulent use of the data affected by the incident, making it unlikely that a high-risk impact on your rights and freedoms will materialize," Endesa notes.

However, a risk exists, and letter recipients are urged to be vigilant for identity impersonation, data theft, and phishing attacks, and are requested to report any suspicious activity at a number included in the notification.

Source: BleepingComputer