Spanish electricity company Endesa reports customer data theft, including bank details

Zoom

According to the company, the cyber-attack has compromised data from numerous contracts

Helena Rodríguez

Monday, 12 January 2026, 11:48

Spain's leading electricity supply company Endesa has issued a warning following a "security incident" that has compromised a cache of private data.

The energy giant confirmed that hackers successfully targeted sensitive information, including customer contact details, national ID card numbers, and contract specifics. The company admitted that bank account details - specifically International Bank Account Numbers (IBANs) - may also have been exposed.

In a statement, Endesa clarified that login passwords remained secure and were not compromised during the breach.

Following the discovery of the hack, Endesa immediately activated emergency security protocols. The company stated it has implemented "all necessary technical and organisational measures" to contain the fallout and prevent a repeat of the breach.

Security teams have since managed to halt the unauthorised access by blocking the compromised entry points.

The relevant authorities, including the Spanish data protection agency, have also been notified of the incident. "The investigation, both internally and with our suppliers, is ongoing so we can gain a full understanding of what happened and take any further action that may be necessary," the company stated.

So far, no fraudulent use of the data has been detected. Even so, malicious access could lead to attempts to usurp or impersonate customer identity.

Endesa urges customers to pay "special attention to any suspicious communications they may receive over the next few days and report any anomalies they detect". Customers can report any issues to 800 760 366 or by e-mail (contactodpo@endesa.es).