Residents of Barcelona, Girona, and Tarragona have reported in recent hours attempts at phone scams and fraud linked to the recent leak of personal data of Endesa customers. Those affected report calls in which the interlocutors pose as employees of banking entities and warn about supposed suspicious payments, which are actually requests for reverse Bizum.
Data Leakage and Increase in Fraud Attempts
The leak has exposed sensitive information such as ID numbers, bank IBANs, and customer contact details. Users from various neighborhoods in Barcelona and municipalities in the metropolitan area have reported on social media that, after this incident became known, they have started receiving fraudulent communications. In these calls, the alleged scammers use the leaked data to gain credibility and pressure victims.
**As of January 20, 2026, Endesa has not officially confirmed the extent of the leak or the nature of the compromised data.** However, concern is growing among users due to an increase in scam attempts.
Experts warn of the risk and recommend measures
Kenia Mestre, a data protection expert, emphasizes that the fact that data has been leaked does not mean that all clients will suffer fraud. Nevertheless, she acknowledges that the exposure to risk has objectively increased.
"It does not automatically imply that you will suffer fraud, but it does objectively increase the level of exposure to risk" - Kenia Mestre, data protection expert
Miguel Ángel Lucero, a cybersecurity specialist, clarifies that to link the scam attempts with the leak, it would be necessary to cross-reference the data of the affected customers with the complaints filed.
Faced with this situation, Mestre reminds that any client can request information from Endesa about the compromised data and, if applicable, ask for its deletion or restriction of use.
Safety Recommendations for Those Affected
The National Cybersecurity Institute (INCIBE) advises changing access passwords for digital services and filing a report with the authorities if unauthorized use of personal data is detected
The cybersecurity company ESET recommends activating two-factor authentication and periodically reviewing bank statements to identify possible unauthorized transactions.
Experts insist on exercising extreme caution with any unsolicited communication, especially if it generates urgency or pressure to act immediately. Mestre warns that neither Endesa, nor banking institutions, nor payment services like Bizum request over the phone the acceptance of operations to cancel payments, receive money, or verify alleged fraud.
"In these cases, the most prudent thing to do is to end the communication and contact the entity directly through official channels" - Kenia Mestre, data protection expert
INCIBE also recommends being wary of links or files included in messages of dubious origin and keeping mobile devices and computers updated. Vigilance and caution are essential to avoid falling victim to these scams, which, according to experts, could increase after the leak.