New data leak in a Spanish multinational. The largest electricity company in the country and in Europe, Iberdrola, acknowledged this Wednesday that it had suffered a cyber attack that has exposed the data – name, surname and ID number – of 850,000 customers, almost 200,000 more than initially reported. The unauthorized incursion occurred between May 5 and 7, the date on which the company put the matter in the hands of the Spanish Data Protection Agency and the State Security Forces and Bodies.
The cyber attack, advanced by The Spanish and confirmed by this newspaper, it was “through a supplier” and has already been communicated by email to all those affected, according to the electricity company. Cybercriminals have not been able to access the “most sensitive information,” emphasizes an Iberdrola spokesperson, who states that the breach was closed “immediately,” on the same day the 7th in which the company’s IT department was aware of what occurred. The company has almost 11 million customers in Spain, between electricity (10.4 million) and gas (1.3).
Users of all types
The leaked data belongs to both free market clients (600,000) and regulated markets (250,000). “There is no specific segment,” they point out from the electricity company, which has been on alert for cyber attacks since the start of the war in Ukraine. The company has not sent any communication about this incident to the National Securities Market Commission (CNMV).
Iberdrola thus becomes the third Spanish multinational to suffer a cyber attack that exposes its clients’ data. On the 14th, it was Banco Santander that recognized “unauthorized access” to its computer systems that affected its clients in Spain, Chile and Uruguay. And this same Tuesday it was Telefónica that admitted that it is investigating a possible data leak of 120,000 customers and employees after a possible attack on a database with more than two million records.
He National Cybersecurity Institute (Incibe) recommends using web tools such as Have i Been Pwnedwhich compile all data breaches and allow potentially affected email addresses to be located.
Second leak since 2022
The energy company already suffered a major cyberattack in February and March 2022 —just at the beginning of the Russian invasion of Ukraine—, when the data of 1.3 million customers was exposed. On that occasion, in addition to the name, surname and ID, the telephone number and address of e-mail.
A little over a month ago, the Spanish Data Protection Agency imposed four fines on the parent company and its network subsidiary (I-DE) for the security breaches that made the leak possible. Then, a spokesperson for the electricity company – which claims to have 400 professionals dedicated to cybersecurity around the world – described the sanctions as “unjustified and disproportionate.”
“In recent years we have increased human and economic resources to protect ourselves. It is a priority for us,” they say from the communications department of the electricity company chaired by Ignacio Sánchez Galán. “We work continuously to combat cyberattacks, always acting with total transparency and collaborating with regulators and supervisors.”
Follow all the information Economy and Business in Facebook and xor in our weekly newsletter
#cyber #attack #Iberdrola #exposes #data #customers #Spain