Last updated 1 month ago
Spanish energy company Endesa disclosed a data breach involving unauthorized access to a commercial customer information management platform. The breach was reported in January 2026, with attackers listing over 1 terabyte of exfiltrated data. The compromised data includes International Bank Account Numbers (IBANs) from customer records.
The attack involved unauthorized access to Endesa's commercial platform, though the specific initial access vector remains unconfirmed. Attackers gained entry to systems managing customer information and exfiltrated sensitive financial data including IBANs. The data volume exceeded 1 terabyte, indicating significant exposure of customer financial identifiers.
Endesa has publicly disclosed the breach through official channels, confirming unauthorized access to its customer management systems. The company has initiated breach notification procedures for affected customers regarding the exposure of their IBAN data.
Unauthorized access to a commercial platform used to manage customer information
Energy sector companies managing sensitive financial data like IBANs must implement enhanced access controls and monitoring for customer information platforms. The breach demonstrates that commercial platforms handling customer data require the same security rigor as core operational systems, particularly when processing financial identifiers that enable payment fraud.