Company Details
endesa
7,444
328,462
22
endesa.com
294
END_9404315
Completed


Endesa Company CyberSecurity Posture
We are leaders in the Spanish electric power industry and the second operator in the Portuguese electric market. With more than 10 thousand employees, we provide our services to 12.6 million clients and our core business is the production, transportation, distribution and commercialization of electric power. We also operate in the natural gas sector and we develop other energy-related services. We are a company that looks ahead to the future: we bet on a more sustainable energetic culture and we are committed to our responsibility of actively contributing to the construction of an intelligent energetic future through innovation. Since the third quarter of 2009, we have been part of the Enel group, the biggest electric power company in Italy and the second utility of Europe by installed capacity, which operates in more than 30 countries in four continents, sells gas and electricity to close to 61 million clients and relies on 96 GW of net installed capacity and more than 71,000 employees in a broad range of energy generation businesses: hydroelectric, thermoelectric, nuclear, geothermal, wind power, solar, gas and others. The Enel group is strongly committed to renewable energy sources and the investigation and development of new environment respectful technologies. Enel Green Power (EGP) is the Company listed in the stock market of the Group that is focused on the generation of renewable energy, which operates sources of more than 9 GW of net installed capacity based on hydric, wind power, geothermal and bio-matter generation and co-generation in Europe, America and Africa. Enel Green Power is the renewable energy company with intelligent technology more diversified amongst its competitors around the world. From 2013 onwards, more than 40% of the electricity generated by the group was produced without carbon dioxide emissions.
Between 750 and 799

Endesa Global Score (TPRM)XXXX

Description: Endesa and Energía XXI Report Data Breach Affecting Millions of Customers

Spanish energy provider Endesa and its subsidiary Energía XXI have disclosed a data breach involving unauthorized access to customer contract information. The incident, detected on an unspecified date, exposed personal and financial details of affected clients, though no account passwords were compromised.

Scope and Impact

Endesa, Spain’s largest electric utility company under the Enel Group, serves over 22 million customers across Spain and Portugal. The breach targeted its commercial platform, with hackers accessing:
- Basic identification details (names, addresses)
- Contact information (phone numbers, emails)
- National identity numbers (DNI)
- Contract and payment details, including IBANs

While the company states there is no current evidence of fraudulent data misuse, it acknowledges potential risks, including identity theft and phishing attacks. Endesa has notified Spain’s Data Protection Agency and relevant authorities, implementing heightened monitoring and blocking compromised internal accounts.

Ongoing Investigation and Threat Actor Claims

The breach’s full extent remains under investigation, with Endesa pledging to notify affected customers as new details emerge. Meanwhile, threat actors have advertised a purported 1TB database of Endesa customer records, allegedly 20 million entries, for sale to a single buyer. The samples align with the data types Endesa confirmed were accessed, though the company has not verified the hackers’ claims.

Energía XXI has assured customers that operations and services remain unaffected, with no disruption to energy distribution. The company continues to analyze logs and reinforce security measures.


Endesa has 0.0% fewer incidents than the average of same-industry companies with at least one recorded incident.
Endesa has 28.57% fewer incidents than the average of all companies with at least one recorded incident.
Endesa reported 1 incident this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breach, compared to industry peers with at least 1 incident.
Endesa cyber incidents detection timeline including parent company and subsidiaries



We are a publicly traded company with shares (NEOE3) listed on the São Paulo Stock Exchange. Part of the Spanish Iberdrola group, we have operated in Brazil since 1997 and are currently one of the leaders of the country's electricity sector. We are present in 18 states and the Federal District, with businesses in
Dominion Energy (NYSE: D), headquartered in Richmond, Va., provides regulated electricity service to 3.6 million homes and businesses in Virginia, North Carolina, and South Carolina, and regulated natural gas service to 500,000 customers in South Carolina. The company is one of the nation’s leading

Together with our subsidiaries, we deliver clean, safe, reliable and affordable energy to our 9 million customers. Our focus is doing so with service excellence. That means we are leaders who take action to meet our customers’ and communities’ needs while advancing our commitment to net zero emiss

Grupo Energisa's core business is electricity distribution. With five distributors in Brazil, three of them in the Northeast region (Energisa Sergipe - Distribuidora de Energia S/A, the new name of Energipe, in the state of Sergipe, Energisa Paraíba - Distribuido

Adani Group is a diversified organisation in India comprising 10 publicly traded companies. It has created a world class transport and utility infrastructure portfolio that has a pan-India presence. Adani Group is headquartered in Ahmedabad, in the state of Gujarat, India. Over the years, Adani Grou

The Saudi Electricity Company was established on the 5th of April in the year 2000, incorporated in accordance with Council of Ministers Mandate No. 169 dated November 30th, 1998, the Saudi Electricity Company was born out of the merger of smaller regional power company in the central, eastern, west

NextEra Energy, Inc. (NYSE: NEE) is one of the largest electric power and energy infrastructure companies in North America and is a leading provider of electricity to American homes and businesses. Headquartered in Juno Beach, Florida, NextEra Energy is a Fortune 200 company that owns Florida Power
Centrica is an international energy services and solutions company, founded on a 200-year heritage of serving customers in homes and businesses. We supply energy and services to over 10 million customers, mainly in the UK and Ireland, through brands such as British Gas, Bord Gáis Energy and Centri
We are a multinational company changing the face of energy, one of the world’s leading integrated utilities. As the largest private player in producing clean energy with renewable sources we have more than 92 GW of total capacity, including around 67 GW of renewables. Distributing electricity throu
Early investigations suggest the hacker may have downloaded names, addresses, contact numbers, ID documents, and IBAN numbers…
Barcelona: Endesa Energía has acknowledged unauthorized access to its sales platform, resulting in the theft of customer data related to their...
Spain's leading electricity supply company Endesa has issued a warning following a "security incident" that has compromised a cache of...
A cybercriminal threat actor known as "spain" has claimed responsibility for a major data breach involving Endesa, one of Spain's largest...
How to protect yourself from phishing campaigns that make fraudulent use of Endesa's name to trick and confuse you with your electricity and...
PM Sánchez vows incident "must never happen again" as Spain's National Court orders reports from Red Eléctrica and security agencies.
One of the largest blackouts in history occurred in Europe, paralyzing infrastructure operations across several countries.
Spanish operator is said to be eyeing further diversification as part of a wider strategy to drive growth and reduce debt.
This article highlights the materiality of data privacy and cybersecurity risks for utilities. It outlines the sector's digital...

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Endesa is http://www.endesa.com.
According to Rankiteo, Endesa’s AI-generated cybersecurity score is 751, reflecting their Fair security posture.
According to Rankiteo, Endesa currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Endesa has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
According to Rankiteo, Endesa is not certified under SOC 2 Type 1.
According to Rankiteo, Endesa does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Endesa is not listed as GDPR compliant.
According to Rankiteo, Endesa does not currently maintain PCI DSS compliance.
According to Rankiteo, Endesa is not compliant with HIPAA regulations.
According to Rankiteo, Endesa is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Endesa operates primarily in the Utilities industry.
Endesa employs approximately 7,444 people worldwide.
Endesa presently has no subsidiaries across any sectors.
Endesa’s official LinkedIn profile has approximately 328,462 followers.
Endesa is classified under the NAICS code 22, which corresponds to Utilities.
Yes, Endesa has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/endesa.
Yes, Endesa maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/endesa.
As of January 25, 2026, Rankiteo reports that Endesa has experienced 1 cybersecurity incident.
Endesa has an estimated 4,236 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Detection and Response: The company detects and responds to cybersecurity incidents through containment measures (blocked access to compromised internal accounts, dumped log records for analysis), remediation measures (notifying affected customers, elevated monitoring for suspicious activity), and a communication strategy of public disclosure and direct customer notifications.
Title: Unauthorized Access to Endesa and Energía XXI Customer Data
Description: Spanish energy provider Endesa and its Energía XXI operator notified customers that hackers accessed the company's systems and accessed contract-related information, including personal details. The investigation indicates unauthorized access to basic identification details, contact information, national identity numbers (DNI), contract details, and payment details (including IBANs).
Type: Data Breach
Motivation: Financial Gain (Data for Sale)
Common Attack Types: The most common type of attack the company has faced is Breach.

Data Compromised: Basic identification details, contact information, national identity numbers (DNI), contract details, payment details (IBANs)
Systems Affected: Commercial platform
Operational Impact: No impact on operations or services
Identity Theft Risk: High (identity impersonation, phishing attacks)
Payment Information Risk: High (IBANs exposed)
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Basic Identification Details, Contact Information, National Identity Numbers (DNI), Contract Details and Payment Details (IBANs).

Entity Name: Endesa
Entity Type: Energy Utility Company
Industry: Energy
Location: Spain, Portugal
Size: 22 million clients
Customers Affected: 10 million+ (Energía XXI customers)

Incident Response Plan Activated: True
Containment Measures: Blocked access to compromised internal accounts, dumped log records for analysis
Remediation Measures: Notifying affected customers, elevated monitoring for suspicious activity
Communication Strategy: Public disclosure, direct customer notifications

Type of Data Compromised: Basic identification details, Contact information, National identity numbers (DNI), Contract details, Payment details (IBANs)
Number of Records Exposed: 20 million (alleged)
Sensitivity of Data: High (PII, financial data)
File Types Exposed: SQL databases
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Notifying affected customers, elevated monitoring for suspicious activity.
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) by blocking access to compromised internal accounts and dumping log records for analysis.

Regulatory Notifications: Spanish Data Protection Agency, pertinent authorities

Recommendations: Customers urged to be vigilant for identity impersonation, data theft, and phishing attacks; report suspicious activity.
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Customers urged to be vigilant for identity impersonation, data theft, and phishing attacks; report suspicious activity.

Source: BleepingComputer
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the source, BleepingComputer.

Investigation Status: Ongoing
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public disclosure and direct customer notifications.

Customer Advisories: Customers notified to monitor for fraudulent activity and report suspicious incidents.
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Customers notified to monitor for fraudulent activity and report suspicious incidents.
Most Significant Data Compromised: The most significant data compromised in an incident were Basic identification details, contact information, national identity numbers (DNI), contract details and payment details (IBANs).
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Blocked access to compromised internal accounts and dumped log records for analysis.
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Basic identification details, contact information, national identity numbers (DNI), contract details and payment details (IBANs).
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 20.0M.
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was: Customers urged to be vigilant for identity impersonation, data theft, and phishing attacks; report suspicious activity.
Most Recent Source: The most recent source of information about an incident is BleepingComputer.
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Most Recent Customer Advisory: The most recent customer advisory issued was: Customers notified to monitor for fraudulent activity and report suspicious incidents.
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global map engine settings.
The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: Successful exploitation of this vulnerability requires that the PDFCrowd API key is blank (also known as "demo mode", which is the default configuration when the plugin is installed) or known.
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, with a lower-privileged role (e.g., Subscriber-level access and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires an admin to grant Hustle module permissions (or module edit access) to the low-privileged user so they can access the Hustle admin page and obtain the required nonce.
The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk_public_action AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user roles.
The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
