The Spanish cooperative Zencer appears as the latest possible victim of a wave of cyberattacks shaking the national energy sector. A threat actor known as lowiq claims to have breached the company's systems to steal sensitive information.
The alleged intruder has spread his announcement on social media through portals specialized in cybercrime. He claims that the security breach occurred on April 30 and allowed him to access a considerable volume of internal data.
Lowiq prices stolen data
The attacker claims to have 88,274 company records that include tax identifiers, phone numbers, and email addresses. This database would also contain administrative and marketing information, as well as details about the company's sales and profits.
"It has 88,274 company records that include tax identification numbers" - lowiq, threat actor
Unlike other operations where information is auctioned to the highest bidder, this individual has set a fixed price. The requested amount amounts to only 80 euros for the complete package of stolen data.
The cybercriminal has published a sample of the files to accredit the veracity of his claim. In it, he makes explicit reference to large providers in the sector such as Iberdrola, which increases concern about the real scope of the incident.
Institutional silence in the face of the alert
Zencer has not issued any official statement to date confirming or denying the intrusion. This silence contrasts with the seriousness of the warnings issued by computer security experts who monitor these forums.
DailyDarkWeb points out that the exposure of this information carries severe risks for the organization and its users. The nature of the data facilitates social engineering and identity theft attacks targeting both customers and employees.
"It could imply significant risks given the nature of the data" - DailyDarkWeb, specialized outlet
This possible attack adds to a recent chain of incidents that have affected electricity supply giants in Spain. The situation reveals a systemic vulnerability in data protection within the energy industry.
Naturgy admitted yesterday a breach affecting 200,000 customers after illegitimate access to an external database. The responsible party was a hacker alias Spain, who had previously compromised Endesa and leaked data from 300,000 users to demand a ransom.
Iberdrola also suffered the indirect consequences through its partner Zirconite, which saw 150,000 records exposed. The leak included CUPS, tariffs, and even voice verification recordings of current and former customers.
The LockBit 5.0 group has also shown its activity by attacking Cegasa Energía and the consultancy Renovagy. While Cegasa assured that they managed the ransomware incident immediately, the frequency of these attacks shows that the pressure on the sector is not decreasing.