The price of electricity will not be the only concern of Iberdrola’s customers today. The company has reported a cyberattack that they have suffered and that has caused the theft of personal data of more than 1.3 million customers of the electricity and energy company. A leak that can cause serious consequences to the affected users because they can be victims of other cyber scams.
Exposure of data from millions of customers
The company wanted to inform the millions of customers it currently has that they suffered a cyber attack on March 15, which resulted in the theft of much data stored in its customer database. A day later, Iberdrola’s systems again suffered massive attacks that they were able to stop.
Ignacio Sánchez Galán, Chairman of Iberdrola
“We have suffered a cyberattack on our information systems. The incident, now remedied, resulted in access to the data of some of our clients”
The data of the users exposed as a result of this incident are: name and surname, DNI, address, telephone number and email address. However, they assure from the energy company that none of the financial data, such as the current account or credit cards, have been exposed. Neither does electricity consumption.
According to elDiario.es , the number of affected reaches 1.3 million users, although the magnitude of the security breach could be greater, since companies are usually very jealous when it comes to recognizing this type of problem.
A cyber attack already remedied
In the same statement, the Spanish company based in Bilbao reports that it has contacted those affected and has reported the events to the Central Technological Investigation Brigade of the Police , something imperative in cases of hacking of any kind. “As soon as we became aware of the attack, the necessary measures were put in place to immediately stop it and prevent its recurrence.”
Iberdrola Tower in Bilbao
What happened has also been reported to the Spanish Data Protection Agency . This body, in addition, will have to evaluate the data leak in an investigation that will determine if the company had the measures to avoid a cyber attack of these characteristics, or if, on the contrary, it put the data of its clients at risk. If the second case occurs, it could lead to a sanction.
Sale of data
In this type of criminal action, cybercriminals often put personal data for sale on the Dark Web precisely to commit other types of fraud. When leaking name, surnames, DNI, telephone or email, it is very easy for said data to end up linked to other scams.
Approved the National Cybersecurity Plan
The incident has been made known just a few hours after the National Cybersecurity Plan was approved by the Council of Ministers today, March 31, 2022. With a budget of around 1,000 million euros, it will have the following among its objectives.
National Cybersecurity Plan
- The creation of the National Platform for Notification and Monitoring of cyber incidents and threats that allows the exchange of information, in real time, between public and private organizations.
- Promote the implementation of the Cybersecurity Operations Center of the General State Administration and its Public Bodies.
- The development of an integrated system of cybersecurity indicators at the national level.
- Increase the creation of cybersecurity infrastructures in autonomous communities and cities and local entities.
- Promote cybersecurity for SMEs, micro-SMEs and the self-employed.
- Promote a higher level of cybersecurity culture.
