Endesa and Energía XXI Report Data Breach Affecting Millions of Customers Spanish energy provider Endesa and its subsidiary Energía XXI have disclosed a data breach involving unauthorized access to customer contract information. The incident, detected on an unspecified date, exposed personal and financial details of affected clients, though no account passwords were compromised. Scope and Impact Endesa, Spain’s largest electric utility company under the Enel Group, serves over 22 million customers across Spain and Portugal. The breach targeted its commercial platform, with hackers accessing: - Basic identification details (names, addresses) - Contact information (phone numbers, emails) - National identity numbers (DNI) - Contract and payment details, including IBANs While the company states there is no current evidence of fraudulent data misuse, it acknowledges potential risks, including identity theft and phishing attacks. Endesa has notified Spain’s Data Protection Agency and relevant authorities, implementing heightened monitoring and blocking compromised internal accounts. Ongoing Investigation and Threat Actor Claims The breach’s full extent remains under investigation, with Endesa pledging to notify affected customers as new details emerge. Meanwhile, threat actors have advertised a purported 1TB database of Endesa customer records allegedly 20 million entries for sale to a single buyer. The samples align with the data types Endesa confirmed were accessed, though the company has not verified the hackers’ claims. Energía XXI has assured customers that operations and services remain unaffected, with no disruption to energy distribution. The company continues to analyze logs and reinforce security measures.

Naturgy Data Breach Exposes Personal and Financial Information of Nearly Half a Million Spanish Customers A significant data breach has compromised the personal and financial details of Naturgy clients in Spain, with cybercriminals offering 74.2 GB of stolen data allegedly belonging to over 1.8 million users on the dark web. The energy distributor confirmed that approximately 480,000 records were affected, representing around 3% of its commercial portfolio. The exposed data includes full names, national identification numbers (DNI/NIF), email addresses, bank account details, and contractual information such as CUPS codes, physical addresses, and internal provider notes. Naturgy clarified that the breach did not originate from its own systems but from a third-party database storing sensitive customer information. In response, the company activated incident protocols, renewing credentials, blocking unauthorized access, and conducting audits on both its platforms and the affected provider’s servers. While passwords and access to the client portal remained secure, Naturgy has notified impacted individuals and filed reports with the Spanish Data Protection Agency and law enforcement. This incident follows a similar attack earlier this year, where the same threat actor targeted Endesa, compromising data from 20 million subscribers and later leaking 300,000 files in an apparent ransom attempt. Authorities continue investigating the attacks to trace their origin and strengthen protections for sensitive data. Affected Naturgy customers have been advised on verifying corporate communications to mitigate risks of identity theft.