Endesa and Energía XXI notify customers of data breach

Spanish energy provider Endesa and its operator Energía XXI are informing customers that hackers gained access to the company's systems, compromising contract-related information that includes personal details. The breach affects contract data for millions of customers. The energy company disclosed the security incident publicly, stating that it detected unauthorized access to its commercial platform, as reported by Bleeping Computer.

The attackers accessed basic identification details, contact information, national identity numbers, contract details, and payment information, including IBANs. Endesa and Energía XXI confirmed that account passwords were not exposed. In response, the company has blocked access to compromised accounts, initiated log analysis, and is notifying all affected customers. Enhanced monitoring is in place to detect further suspicious activity.

Threat actors have also claimed to be selling approximately 20 million Endesa customer records, with data samples aligning with the company's disclosed breach details. Endesa stated there is no evidence of fraudulent data use, but advised customers to be vigilant against identity theft and phishing. The breach has prompted Endesa to notify the Spanish Data Protection Agency and customers are urged to remain vigilant for potential misuse of their personal information.

Source: Bleeping Computer