A cybercriminal threat actor known as “spain” has claimed responsibility for a major data breach involving Endesa, one of Spain’s largest energy companies, alleging the theft of personal information linked to more than 20 million individuals, as per Hackmanac. The claims surfaced on Monday and are currently under investigation, with no independent confirmation so far.
According to the threat actor, the compromised dataset spans roughly 1.05 terabytes across multiple SQL files and allegedly includes highly sensitive data such as IBAN bank details, national identity numbers, addresses, contact information, and customer billing records. If verified, the breach would represent one of the most significant cyber incidents to hit Spain’s energy sector in recent years.
The alert was flagged by Hackmanac, which said the information was gathered from publicly accessible clear and dark web sources as part of its early-warning system. Hackmanac emphasizes that the incident remains unverified and that no confidential data was downloaded or redistributed by its analysts. Authorities and cybersecurity experts are expected to assess the scope and authenticity of the claims in the coming hours, so this is a developing news story…
As stated on X:
A threat actor known as “spain” claims to have breached Endesa and is selling an allegedly new and unique database containing data on over 20 million individuals. The dataset reportedly totals about 1.05 TB across multiple .sql files and includes sensitive information such as IBANs, national IDs, contact details, addresses, and customer and billing records.
Endesa // Shutterstock