Endesa and Energía XXI customer data leak after unauthorized access
Data Leak
Summary
Hide ▲
Show ▼
Endesa and Energía XXI disclosed unauthorized access to their commercial platform that exposed customer contract data tied to energy accounts. The exposed records included basic identification details, contact information, DNI, contract details, and IBAN payment data, while account passwords were not exposed. The company is notifying customers, has alerted the Spanish Data Protection Agency, and says there is no evidence of fraudulent use yet, though attackers also allegedly offered stolen data for sale.
Related Happenings
TriZetto Provider Solutions hit by cyberattack
Incident
First: 06.03.2026 21:50
Last: 06.03.2026 21:50
Sources 1
About this happening:
TriZetto Provider Solutions disclosed a **data breach** involving **unauthorized web portal access** that exposed sensitive information for **3,433,965 people**, creating signific...
TriZetto Provider Solutions hit by cyberattack
IncidentAbout this happening: TriZetto Provider Solutions disclosed a **data breach** involving **unauthorized web portal access** that exposed sensitive information for **3,433,965 people**, creating signific...
AkzoNobel partial Anubis data leak
Data Leak
First: 04.03.2026 01:00
Last: 04.03.2026 01:00
Sources 1
About this happening:
**AkzoNobel** faces a **partial data leak** after **Anubis ransomware** claimed it stole **170GB of data** and **almost 170,000 files**. The leak site posted **sample screenshots*...
AkzoNobel partial Anubis data leak
Data LeakAbout this happening: **AkzoNobel** faces a **partial data leak** after **Anubis ransomware** claimed it stole **170GB of data** and **almost 170,000 files**. The leak site posted **sample screenshots*...
LexisNexis Legal & Professional data leak after AWS intrusion
Data Leak
First: 03.03.2026 17:40
Last: 03.03.2026 17:40
Sources 1
About this happening:
**FulcrumSec** leaked **2GB of files** tied to **LexisNexis Legal & Professional**, exposing customer and business information that could be used for follow-on abuse. The company...
LexisNexis Legal & Professional data leak after AWS intrusion
Data LeakAbout this happening: **FulcrumSec** leaked **2GB of files** tied to **LexisNexis Legal & Professional**, exposing customer and business information that could be used for follow-on abuse. The company...
Flickr users' member information exposure via third-party email provider vulnerability
Data Leak
First: 06.02.2026 11:43
Last: 06.02.2026 11:43
Sources 1
About this happening:
Flickr disclosed a **potential data leak** affecting **users' member information** after a **third-party email service provider vulnerability** may have exposed **real names, emai...
Flickr users' member information exposure via third-party email provider vulnerability
Data LeakAbout this happening: Flickr disclosed a **potential data leak** affecting **users' member information** after a **third-party email service provider vulnerability** may have exposed **real names, emai...
PcComponentes customer database leak claim and sample publication
Data Leak
First: 21.01.2026 22:55
Last: 21.01.2026 22:55
Sources 1
About this happening:
A **threat actor named daghetiaw** published a claimed **PcComponentes customer database** and offered it for sale, putting **16.3 million records** at risk. The actor said **500,...
PcComponentes customer database leak claim and sample publication
Data LeakAbout this happening: A **threat actor named daghetiaw** published a claimed **PcComponentes customer database** and offered it for sale, putting **16.3 million records** at risk. The actor said **500,...
Timeline
-
12.01.2026 17:57 3 articles · 4mo ago
Endesa and Energía XXI disclose customer data access
Initial DisclosureEndesa and Energía XXI notify customers that unauthorized access to the commercial platform exposed contract-related personal data, including basic identification details, contact information, DNI, contract details, and IBANs, while account passwords were not exposed. The company says it blocked compromised internal accounts, dumped log records for analysis, began notifying affected customers, and alerted the Spanish Data Protection Agency and other authorities, while warning recipients to watch for identity impersonation, data theft, and phishing. A separate claim also says samples of stolen Endesa data and about 20 million records were offered for sale, with the seller alleging roughly 1TB of SQL databases containing customer information.
Show sources
- Spanish energy giant Endesa discloses data breach affecting customers — www.bleepingcomputer.com — 12.01.2026 17:57
- Spanish energy giant Endesa discloses data breach affecting customers — www.bleepingcomputer.com — 12.01.2026 17:57
- Central Maine Healthcare breach exposed data of over 145,000 people — www.bleepingcomputer.com — 13.01.2026 22:32