Although it has been made public today, Iberdrola suffered two weeks ago, on March 15, an attack that has compromised the data of 1.3 million customers, according to the newspaper El País. A data leak that, according to the electricity company, has compromised personal data of customers, specifically name and surname, DNI, address, telephone number and email address, but that also according to Iberdrola, would not affect economic data or to the billing of the affected customers.
As we can read in said information, andhe origin of the commitment is found in I-DE Redes Eléctricas Inteligentes (former Iberdrola Distribución), a subsidiary of Iberdrola and the company’s distributor. Thus, it is this subsidiary that would be contacting its clients to report the incident, a communication in which they also alert affected users about the possible risks they face as a result of this data theft.
Although the company does not reveal the nature of the attack, it does fit it into a broader campaign. addressed to multiple large corporations and Spanish public institutions, such as the websites of Renfe’s Cercanías service or that of the Congress of Deputies. A campaign that, given the current geopolitical circumstances, makes us assess the possibility that it has the signature of one of the Russian cyberwar groups that act at the service of the Kremlin.
More information in MuySeguridad