By Laura Kemp •
Updated: 31 Mar 2022 • 17:07
Personal data of 1.3 million Iberdrola customers stolen in cyberattack. Image - Iberdrola
The attackers have gained access to data such as the ID, address, telephone number and email address of customers, but not to “financial data (current account or credit card) or data on electricity consumption,” the company said.
Iberdrola has contacted those affected and has reported the events to the Central Technological Investigation Brigade of the Police.
The breach took place on March 15 at I-DE Redes Electricas Inteligentes, the group’s electricity distribution company.
“As soon as we became aware of the attack, the necessary measures were put in place to stop it immediately and prevent its repetition,” said the company in its statement to those affected, which has also brought the facts to the attention of the Data Protection Agency.
The following day, Iberdrola’s systems suffered “massive attacks” that they were able to stop, the same sources revealed. The company relates it to a campaign of cyberattacks that affected other companies and Spanish and European public institutions, such as the Congress of Deputies.
This Tuesday, March 29, the Government approved a package of emergency measures “due to the considerable increase in the risk of cyber attacks for geostrategic reasons” as a result of the war in Ukraine. The plan includes a new “National Cybersecurity Plan” to strengthen the protection of SMEs and public institutions and the approval through a Royal Decree-law of specific cybersecurity regulations for the 5G network, which came into force yesterday, March 30.
This type of cyberattack, even if it does not manage to access customer banking data, represents a significant increase in the risk of suffering fraud attempts. Cybercriminals use the stolen information to set up scams with custom hooks, skyrocketing their success rate. attacks known as phishing or smishing are based on this tactic and can defraud victims out of thousands of euros.
Iberdrola warns affected customers in the statement that they “be wary of emails or mobile phone messages that do not have a clear identification of the sender when they ask for reserved information with your account number, credit card data payment or access codes to services”.
“Neither Iberdrola nor any other group company is going to request them by these means,” they added.
The National Institute of Cybersecurity (Incibe) said that affected users should search for themselves on the Internet to detect if their private data is being used without their consent.
It said: “If after conducting an internet search of your personal information you find any data that you do not like or that is being offered without your consent, exercise your rights. The Spanish Agency for Data Protection provides you with the guidelines on how to do it.”
Incibe also reminds you of the need to change passwords for digital services periodically and keep all programs and applications updated to the latest version.
Thank you for taking the time to read this article, do remember to come back and check The Euro Weekly News website for all your up-to-date local and international news stories and remember, you can also follow us on Facebook and Instagram.
Share this story
Subscribe to our Euro Weekly News alerts to get the latest stories into your inbox!
By signing up, you will create a Euro Weekly News account if you don't already have one. Review our
Originally from UK, Laura is based in Axarquia and is a writer for the Euro Weekly News covering news and features.
Got a news story you want to share? Then get in touch at email@example.com.
Download our media pack in either English or Spanish.