Spanish energy giant Endesa says it was hit by data breach
TL;DR
Endesa Energia, a major Spanish energy provider, confirmed a cyberattack that compromised customer data, including contact info, IDs, and payment details. The breach involved unauthorized access to its commercial platform, with stolen data reportedly for sale on the dark web.
Source: TechRadar Pro
Endesa Energia, the retail arm of one of Europe’s biggest energy providers, Endesa, S.A., has confirmed it recently suffered a cyberattack which saw it lose sensitive data on an undisclosed number of people. In a press release, published in Spanish on the company’s website, Endesa Energia said it detected “unauthorized and illegitimate access” to its commercial platform. “Despite the security measures implemented by this company”, the unnamed threat actors managed to access, and exfiltrate, certain personal data belonging to the company’s customers, including contact data, ID cards, and data related to Endesa Energia contracts. Even more painfully, the attackers stole payment information (mostly IBAN numbers). BleepingComputer found a database for sale on the dark web, appearing to come from this incident. Full Story