Endesa Energía has recently acknowledged an unauthorized access to its commercial platform that has resulted in the extraction of sensitive customer data related to their electricity and gas contracts. The company has started notifying affected users via email after the security incident was discovered.
Illegitimate access and compromised data
The energy company has described the episode as an “unauthorized and illegitimate access”, which, according to its preliminary investigation, has resulted in the extraction of key personal information of customers. Among the data to which the cybercriminal may have had access are contact details, identity documents (DNI) and the IBAN of bank accounts. Endesa Energía has clarified that, for the moment, the access passwords of its users have not been affected.
Although no misuse of the stolen data has been detected so far, the company warns that the malicious actor could attempt various types of fraud using the stolen information. Potential risks include identity theft or impersonation, the publication of data in digital forums, or the sending of fraudulent emails or messages as part of phishing and spam campaigns targeting affected customers.
Recommendations for possible fraud
In the e-mail sent to those affected, Endesa Energía considers that it is “unlikely” that this theft “will materialize in a high-risk affectation to their rights and freedoms”, but nevertheless urges customers to remain alert to any suspicious communication that may arrive in the coming days. The company has enabled the telephone number 800 760 366 for users to report any unusual action or alert related to this incident.
In addition to notifying users of the access, Endesa Energía has activated security protocols and procedures established for these cases. The company assures that it has implemented all the technical and organizational measures necessary to contain the breach, mitigate its effects and prevent incidents of this nature from recurring in the future.
The leaked information and its seriousness
The Escudo Digital portal, which announced the existence of the alleged hack on January 6, has published details that suggest the magnitude of the cyber-attack. According to this source, the hacker responsible published information in a forum on the dark web, where he claimed to have obtained more than 1 TB of company information, corresponding to more than 20 million people.
According to Escudo Digital, the information found in the leaked database included an extreme level of sensitivity, with personal, financial and energy data. These include names and surnames, contact details, postal addresses and the account-person relationship; as well as financial data such as IBAN, billing data and account history and changes. Energy data such as CUPS (unique supply point identifier), active electricity and gas contracts, supply point data and information on the history of incidents and regulatory elements such as membership in Robinson Lists or exempt accounts were also extracted.
Implications for customers and latent risk
The exposure of such extensive and detailed data may have long-term implications for Endesa Energía’s customers, as the leaked information includes both personally identifiable, financial and contractual data. Although Endesa reaffirms that there is no record of fraudulent use so far, the possibility of this data circulating on illicit networks increases the risk of targeted fraud and identity theft.
The company’s warning that users should be on the lookout for suspicious communications underscores the potential danger even when no immediate fraudulent activity is detected. Cybercriminals often use data like this to design increasingly convincing and personalized emails, making potential victims more vulnerable to sophisticated deception.
Corporate response and containment measures
Endesa Energía has implemented its internal incident response mechanisms, which include the activation of technical and organizational measures to stop illicit access and protect remaining systems and data. The company has also launched an investigation to determine more precisely the scope of the breach, identify potential vulnerabilities exploited and strengthen its defenses.
Although it has not provided a detailed timeline for this investigation, the activation of security protocols indicates that the company takes the incident seriously and is seeking a comprehensive solution that will prevent recurrences.
The role of users in fraud prevention
The clear recommendation for affected customers is to remain vigilant in the face of any communication that may seem suspicious, and not to provide personal or financial information through links or messages they receive, even if they appear to come from legitimate sources. The defense against phishing and other frauds is to always verify the authenticity of requests for information and, if in doubt, contact the company’s official channels directly.
