Spanish energy giant Endesa on Monday said a cyberattack had compromised the personal data of some of its millions of customers but ruled out fraudulent use of the information.
A “malicious actor” accessed data related to customer energy contracts, contact details, ID numbers and payment methods, the company said in a message to clients and posted on its website.
“In no case have password access data been compromised,” Endesa said, adding that its security protocols contained and mitigated the incident “immediately and satisfactorily”.
Advertisement
“There is no record of any fraudulent use of the data affected by the incident, making it unlikely that a high-risk impact on your rights and freedoms materialises,” the letter said, without specifying when the hack happened.
Endesa declined to state how many customers had been affected. The company says it has more than 10 million in Spain and Portugal.
The group said it was investigating “to obtain a full understanding of what happened” and had notified the breach to the authorities, including Spain’s data protection agency.
Spanish consumer watchdog Facua has urged the Spanish Data Protection Agency (AEPD) to open an investigation into the Endesa hack and recommended that Endesa and Energía XXI customers take extra precautions.
“Pay attention to any suspicious communications or requests for unusual actions by email or telephone, as cybercriminals could use this information to try to perpetrate fraud or scams,” Facua advised.
In November, Spain’s flag carrier Iberia said hackers had accessed private customer data, but added that there were no signs of fraudulent use.
With additional reporting by Alex Dunham
