Iberdrola suffered a cyberattack on March 15 that compromised the personal data of 1.3 million customers, according to Eldiario.es and company sources confirm to EL PAÍS. The cybercriminals seized sensitive information from the database of energy users, including name and surname, ID, address, telephone number and email address.
The attack failed to access customers’ financial data, such as checking account or credit card numbers, according to the company. The security breach was resolved on the same day, they say from the energy company. The next day a series of massive attacks were detected, but this time, as the company was warned, they did not achieve their objective. According to a statement released by the Basque multinational after learning of the assault on its computer systems, “the company was warned by the US authorities before suffering the attack. Iberdrola informed the Spanish authorities of this. The US advisory served to strengthen the security of our systems, preventing [cybercriminals] from obtaining critical information.”
From Iberdrola they register this computer assault in a wave of attacks that in recent weeks have affected several companies and national and community public institutions , including the web pages of Cercanías de Renfe or the Congress of Deputies. Since the war in Ukraine began, there has been an increase in cyberattacks across Europe. Three weeks ago, Spain raised its cybersecurity alert to level three out of five and is paying special attention to computer attacks from Russia and Ukraine, Defense Minister Margarita Robles revealed in Congress.. The National Cryptologic Center, the branch of the CNI that oversees cybersecurity, launched a specific committee in early March to detect suspicious activities.
The company has contacted those affected through its distribution subsidiary I-DE Redes Eléctricas Inteligentes, which was the one that suffered the intrusion. “As soon as we became aware of the attack, the necessary measures were put in place to immediately stop it and prevent its recurrence. At the same time, we brought the facts to the attention of the competent authorities. Specifically, we filed the corresponding complaint with the Central Technological Investigation Brigade of the National Police and notified the Spanish Data Protection Agency”, they explain to their clients in an informative email. The police have not yet given details about the possible author of the attack
Iberdrola also warns those who have contracted services with them to ” be especially attentive to electronic communications and any atypical or unusual activity that may be related to their personal data in the coming weeks.”
That includes distrusting emails or mobile phone messages “that do not have a clear identification of the sender” and that ask for “reserved information such as account number, payment card data or service access codes.” They also recommend not opening links whose origin is not “full trust” and advise contacting the mobile operator if any incident is observed.
How to know if you are affected
The National Institute of Cybersecurity (Incibe) recommends that all people who suspect they have been victims of a data leak, whether it be Iberdrola or any other hacked company with which they are linked, investigate it. Doing it is not difficult. “There are tools that are responsible for collecting [data leaks] to be consulted and that allow us to locate the accounts that may have been compromised, even those that we did not remember having created,” they point out on their website.
One of the best known is the Have i Been Pwned website . All you have to do is enter it and enter your email address to find out if you have suffered a security breach. If this is the case, the origin of the gap will appear (in this case Iberdrola).
The Incibe advises to do this type of checks regularly. And, if our email ends up being compromised, it is convenient to change the password, preferably for a randomly generated one.