LT Tech Blog

Wow News on Tech and AI

Cybersecurity Threats & Incidents

Endesa investigates after alleged cybertheft of personal data affecting millions

By

Jan 14, 2026 #1.05 TB claimed leak, #Endesa data breach, #energy sector, #IBAN exposed, #personal data exposure

TL;DR

Endesa says it detected unauthorized access to a commercial platform holding customer records and has alerted affected users and Spain's data protection authority. An actor claiming the handle "Spain" has posted that they stole a 1.05 TB dataset tied to more than 20 million people, a claim the company has not confirmed.

What happened

Endesa, Spain's largest electricity utility and a subsidiary of Italy's Enel Group, disclosed that it identified "unauthorized and illegitimate access" to a commercial platform used to manage customer information. The firm said it activated incident-response measures and worked to contain the intrusion, but acknowledged attackers may have accessed and potentially removed certain personal data tied to energy contracts. The data potentially exposed includes contact and identifying details, national identity numbers, and contract information; some customers' IBANs may also have been involved. Endesa said passwords were not accessed. A person using the handle "Spain" has claimed to have taken a 1.05 TB database covering over 20 million individuals, but Endesa has not confirmed that characterization. The company reported the incident to Spain's Agencia Española de Protección de Datos and has notified affected customers, while advising vigilance for phishing and suspicious communications as its investigation continues.

Why it matters

  • Personal identifiers and some bank account numbers may have been exposed, raising risks of identity theft and financial fraud.
  • If the attack affected millions as claimed, it would rank among the larger data incidents in Spain and could trigger regulatory scrutiny and remediation costs.
  • Exposure of contract and identity details could be leveraged in targeted phishing or social-engineering campaigns aimed at customers.
  • Under GDPR, the company is required to report incidents and notify affected individuals; the breach could prompt investigations or enforcement action depending on findings.

Key facts

  • Endesa detected unauthorized access to a commercial platform that stores customer information.
  • The company activated incident-response procedures and said it acted immediately to contain the intrusion.
  • Potentially accessed data includes contact and identifying details, national identity numbers, contract data and some IBANs; passwords were not accessed according to Endesa.
  • Affected customers have been notified and the incident was reported to the Agencia Española de Protección de Datos as required under GDPR.
  • A threat actor using the handle "Spain" claims to have stolen a 1.05 TB database tied to more than 20 million people.
  • Endesa has not confirmed the scale of the alleged theft, nor disclosed how systems were compromised or the attack vector.
  • The Register sought comment from Endesa and did not receive a response to questions about the attackers' claims.

What to watch next

  • Whether Endesa's investigation confirms or disputes the claim of a 1.05 TB dataset and coverage of over 20 million individuals (not confirmed in the source).
  • Forensic findings on the method of compromise, including whether stolen credentials, a software flaw, or another vector was used (not confirmed in the source).
  • Any disclosure of stolen records being published or offered for sale on criminal forums (not confirmed in the source).

Quick glossary

  • Data exfiltration: The unauthorized transfer of data from a computer or network to a location controlled by an attacker.
  • IBAN: International Bank Account Number, a standardized identifier used to facilitate cross-border and domestic bank payments.
  • GDPR: General Data Protection Regulation, the EU legal framework governing personal data protection and breach notification requirements.
  • Incident response: A set of processes and actions taken by an organization to detect, contain, investigate, and remediate a cybersecurity incident.
  • Phishing: A type of social-engineering attack where fraudsters attempt to trick people into divulging sensitive information or credentials.

Reader FAQ

Has Endesa confirmed the attacker’s claim of a 1.05 TB database covering over 20 million people?
Not confirmed in the source.

Were customer passwords accessed in the incident?
Endesa said passwords were not accessed.

Has Endesa notified customers and regulators?
Yes. Affected customers were notified and the incident was reported to the Agencia Española de Protección de Datos.

Do we know how the attacker got into Endesa's systems?
Not confirmed in the source.

CYBER-CRIME Spanish power giant sparks breach probe amid claims of massive data grab Endesa says payment info stolen after alleged crook boasted of 1 TB-plus haul Carly Page Wed 14 Jan 2026 //…

Sources

Related posts

By

Related Post

Cybersecurity Threats & Incidents

Eurail data breach exposes passports, bank details; users urged to act

Jan 14, 2026
Cybersecurity Threats & Incidents

Belgian hospitals shut servers, refuse ambulances and transfer critical patients

Jan 14, 2026
Threats & Incidents Vulnerabilities & CVEs

Microsoft January 2026 Patch Tuesday: 113 Flaws, Zero-Day Exploited

Jan 14, 2026

Leave a Reply

Your email address will not be published. Required fields are marked *


You missed

Consumer Tech & Gadgets Product launches

Honda relaunches Acura RDX as next-generation two-motor hybrid SUV

January 14, 2026
App updates Chips for AI (NVIDIA/AMD/TPU)

Nvidia app update brings DLSS 4.5 Super Resolution and Control Panel additions

January 14, 2026
AI in Business Big Tech

Tesla ends standalone FSD sales, moves Full Self-Driving to subscription

January 14, 2026
AI in Business Cloud & Dev

Moody’s says $3T needed for AI datacenters as risks and costs mount

January 14, 2026