A threat actor identifying as Spain has claimed to have leaked the personal data of 300,000 Endesa users following a security breach on the company's commercial platform. The alleged perpetrator of the attack claims the records are already available on the dark web and has set a deadline of February 2nd or 3rd to release a much larger sample, which they claim would include data from 20 million customers and former customers.
Endesa confirms the breach and activates security protocols
The company acknowledged in mid-January having detected unauthorized access to its systems. According to Endesa, the intrusion allowed third parties to access sensitive customer information, including identifying data, contracts, and, in some cases, banking information. The company activated its security protocols and notified both the Spanish Data Protection Agency and law enforcement agencies of the incident.
Endesa has indicated that passwords would not have been compromised, but other relevant personal data would have been. For the moment, it has not been possible to independently verify whether the 300,000 published records come from the same incident acknowledged by Endesa or from a different source.
Threat actor insists on contact and issues warnings
Spain claims to have contacted Endesa on several occasions and maintains that it is willing to collaborate to prevent further damage. The actor has published several messages on the dark web in which he insists on his ability to leak the entire database if he does not receive a response from the company.
"I have uploaded 300,000 examples, it's 100% in Endesa's hands, I have been and am willing to collaborate" - Spain, alleged threat actor
In another message, Spain warns other dark web users about the authenticity of the database and the exclusivity of the information, denying that other actors have access to the same data
"100% scammers, nobody has this database. Don't trust them, because they don't have it" - Spain, alleged threat actor
Investigation underway and alert on data protection
The investigation into the leak and the real extent of the exposed data remains open. Endesa maintains communication with the competent authorities and has reiterated that the security of its clients' information is a priority. The deadline announced by Spain for the publication of more data ends in the first days of February, which keeps users of the company in Barcelona, Girona, Tarragona, and the rest of the territory on alert
For now, the exact origin of the leaked data and the actual number of affected individuals remain under investigation.