Endesa

History

2026: Hacker attack on company servers

In January 2026, the major Spanish energy service provider Endesa reported compromising customer data as a result of a cyber attack. The attacker alleged theft of 1.05 TB of data allegedly belonging to more than 20 million customers. However, in reality, the total number of Endesa customers in Spain is about 10 million people.

According to the company, as a result of unauthorized access to the commercial platform, attackers gained access to personal information of customers. Consumers of the gas distributor Energia XXI were also affected. According to Endesa, basic identification data, contact information, national identity card numbers, contract information and payment details, including bank account numbers, were stolen.

𝓲

Фото: Reuters

The company said no customer passwords were affected, the incident was promptly localised and additional protective measures were put into the system. In an official statement, Endesa representatives indicated that the measures taken include immediately blocking compromised accounts, analyzing event logs and notifying all affected customers. The company also said it is constantly monitoring systems to detect suspicious activity.

According to the publication SecurityWeek, the data leak caused a significant reaction on social networks. Scores of customers expressed dissatisfaction through Platform X, criticizing the language in the official notice and Endesa's alleged lapses in information protection.

The company has no evidence of malicious use of the stolen information. Nevertheless, the energy provider recommends that customers be vigilant about common fraudulent schemes, such as phishing - sending fake emails in order to obtain confidential data, as well as identity theft.^[1]

Notes