**THREAT ACTOR CLAIMS THEFT OF FULL CUSTOMER DATA FROM SPANISH ENERGY FIRM ENDESA**

Spanish energy giant Endesa has suffered a massive data breach, with a threat actor claiming to have stolen full customer data, including contact details, national ID numbers, and payment information. The company disclosed the incident in a statement, confirming that unauthorized access had been made to its commercial platform.

Endesa is one of the largest electricity providers in Spain, serving over 10 million customers domestically. It generates, distributes, and sells electricity and natural gas, with a revenue of €21.3 billion in 2024 and a net profit of around €1.89 billion. The company has around 8,900 employees and is majority-owned by Italian utility group Enel.

According to the statement published by Endesa, attackers accessed customer identification, contact details, national ID numbers, contract data, and possibly IBANs (International Bank Account Numbers). However, passwords were not compromised. The company has activated security protocols, blocked access that had been compromised, and notified affected customers and authorities, including Spain's Data Protection Agency.

Endesa claims to have found no evidence of any fraudulent use of the affected data, making it unlikely that a high-risk impact on customers will materialize. However, criminals could still attempt to impersonate customers, publish stolen data, or launch phishing or spam campaigns.

"As of the date of this communication, there is no evidence of any fraudulent use of the data affected by the incident, making it unlikely that a high-risk impact on your rights and freedoms will materialize," reads the statement. "Even so, this unauthorized access to your data by the malicious actor could lead to an attempt to impersonate you, publish this data (resulting in a loss of control over it), or use it to carry out phishing or spam campaigns against you."

Clients are advised to stay alert to suspicious calls, emails, or messages and report any concerns to Endesa's call center at 800.760.366. The company recommends never sharing personal or sensitive information with unknown contacts and notifying Endesa or law enforcement if fraud is suspected.

**THREAT ACTOR'S CLAIM**

A threat actor has claimed on a cybercrime forum to have stolen 1.05 terabytes of data from Endesa, including fresh customer data that has never been seen before. The message published on the hacking forum reads:

"!I hacked into Spain's largest electricity and gas company (Endesa), access to everything, no one has this database except me. This thread was accepted and the data was verified as real and unique.
Price: negotiable
Total size: 1,055,950,885,115 bytes
More than +20.000.000 people in one single .sql (fresh data, never seen)!"

The authenticity of the threat actor's claim has not been confirmed by Endesa or any other parties involved.