Endesa Energía has confirmed that its commercial platform has suffered unauthorized access which has led to the extraction of sensitive data from your clients. These data are related to their contracts, and include information such as IDs or means of payment.
Users affected by this hack have already begun to receive an email message from the company, which has also published it on its website, in which they are informed of the incident and informed that a malicious actor, whose identity has not been made public, could have obtained data related to their electricity and gas contracts.
Among them, in addition to the aforementioned DNI numbers, may be your contact information and the IBAN of the bank account in which the receipts are deposited. Endesa Energía assures, however, that the passwords for accessing user accounts have not been affected by the hack.
The company also points out that although for now there has been no misuse of the compromised data, the attacker could try to impersonate customers, publish the information in digital forums or use them to send fraudulent emails or messages as part of phishing and spam campaigns.
Endesa has reminded its customers to be alert to possible suspicious communications they may receive in the coming days and weeks. In addition, it asks them to report any suspicious action they detect to the number 800 760 366.
Aside from informing your customers that they may be affected by this hack, Endesa Energía has activated the security protocols and procedures that are established for this type of attacks. Also, as indicated in the email, all the necessary measures at a technical and organizational level to contain the incident, mitigate its effects and prevent it from being repeated in the future.
