Spanish energy giant Endesa says it was hit by data breach, customers affected and 20 million files allegedly put up for sale

• Endesa Energia suffered unauthorized access, exposing customer data and IBAN numbers
• Hackers allegedly selling 20m records, 1TB SQL files, on dark web
• Company warns of phishing, impersonation risks; investigation ongoing

Endesa Energia, the retail arm of one of Europe’s biggest energy providers, Endesa, S.A., has confirmed it recently suffered a cyberattack which saw it lose sensitive data on an undisclosed number of people.

In a press release, published in Spanish on the company’s website, Endesa Energia said it detected “unauthorized and illegitimate access” to its commercial platform.

“Despite the security measures implemented by this company”, the unnamed threat actors managed to access, and exfiltrate, certain personal data belonging to the company’s customers, including contact data, ID cards, and data related to Endesa Energia contracts. Even more painfully, the attackers stole payment information (mostly IBAN numbers), however passwords were not taken, so the hackers ...