The security breach suffered by Endesa is worse than previously thought, it has emerged.
According to watchdog FACUA-Consumidores en Acción, the incident has also compromised the personal data of former users – both of Endesa itself and of its regulated supplier, Energía XXI.
The consumer organisation says it has verified that people who no longer hold any active contract with either company have also received notifications informing them that their personal information may have been affected.
Among the cases identified are former customers who have had no contractual relationship with Endesa or Energía XXI since as far back as 2021, significantly widening the time span of the data exposure.
FACUA has requested clarification from the energy company on how far back the affected former customers go. However, the association claims that Endesa has so far failed to respond to this request.
Endesa did not respond to the Spanish Eye’s request for comment.
In light of the lack of information, the organisation has escalated the matter by formally contacting the Agencia Española de Protección de Datos, urging it to open an investigation into the incident.
The aim is to establish what happened, determine whether Endesa bears responsibility, and assess whether sufficient measures have been put in place to prevent further security breaches.
In the notification sent to both current and former customers, Endesa and Energía XXI acknowledge that there was an ‘unauthorised and illegitimate access to their commercial platform’, an incident which ‘compromised the confidentiality of certain data for which Endesa Energía is responsible’.
Spain’s Instituto Nacional de Ciberseguridad (Incibe) has issued an alert in relation to the breach.
According to the company, the affected information includes ‘basic identification and contact details, national identity numbers (DNIs), and data relating to customers’ contracts with Endesa’, as well as, ‘in some cases, payment details such as IBANs’.
Endesa has stressed, however, that ‘at no point were password access details compromised’, in an apparent attempt to limit the perceived scope of the leak.

