Data leak at Endesa exposes 300,000 customers
- Cyberpeace Tech
- Jan 29
- 2 min read
A new episode of data leakage at Endesa has set off alarms in the energy and cybersecurity sectors. A malicious actor identified as Spain claims to have published personal information corresponding to 300,000 of the company's customers, holding the company directly responsible for the consequences of the incident.
According to statements attributed to the attacker, the publication of these records is only a sample of the total volume of compromised information.
The alleged perpetrator claims to have attempted to communicate with the company on several occasions, pointing out that there is still time to avoid a greater impact.
Endesa data leak and threats of further exposure
The cybercriminal claims that access to the information is exclusive and warns about alleged third parties who claim to possess the complete database, describing them as fraudulent.
According to his version, only he has control over the records obtained during the attack.
In addition, the threat actor has set a deadline for releasing a much larger amount of information, which could involve millions of customers and former customers of the energy company. This type of pressure is a recurring practice in incidents of digital extortion and massive leaks.
A confirmed security incident
Days before these statements, Endesa publicly acknowledged the existence of a security breach in its commercial platform. The company reported that unauthorized access allowed sensitive data such as identifying information, contract details, and, in certain cases, bank details to be accessed.
Although the company clarified that passwords had not been compromised, the exposure of this type of information represents a significant risk for users, especially in terms of fraud, identity theft, and subsequent attacks.
The case was reported to the relevant authorities and internal incident response protocols were activated. However, it has not yet been independently confirmed whether the records published by the attacker come directly from this breach or from another source.
Lessons for Mexico and cybersecurity
This incident serves as a relevant example for Mexico, where companies in strategic sectors, such as energy, handle large volumes of personal data. The Endesa data breach reinforces the importance of having robust cybersecurity strategies, constant monitoring, and incident response plans in place to reduce the impact on customers and corporate reputation.
The evolution of this case will be key to understanding the real scope of the breach and the risks associated with the massive exposure of sensitive information in critical infrastructures.
At Cyberpeace, we promote the importance of staying up to date on cybersecurity incidents and digital risks. Understanding these threats is key to anticipating and protecting personal and business information.
Prevention begins with knowledge. If you want to continue learning about cybersecurity and data protection, we invite you to follow our social media accounts and stay informed.
Comments