Iberdrola has suffered a cyberattack in which the personal information of 1.3 million customers has been stolen, company sources confirm to elDiario.es. The attackers have gained access to data such as the ID, address, telephone number and email address, but not to “financial data (current account or credit card) or data on electricity consumption,” they emphasize. sources. Iberdrola has contacted those affected and has reported the events to the Central Technological Investigation Brigade of the Police.
AUDIO | This is how they try to sneak in the ‘Microsoft scam’, the classic Internet scam that is still active in Spain
The breach took place on March 15 at I-DE Redes Eléctricas Inteligentes, the group’s electricity distribution company. “As soon as we became aware of the attack, the necessary measures were put in place to stop it immediately and prevent its repetition,” explains the company in its statement to those affected, which has also brought the facts to the attention of the Data Protection Agency. , a legal imperative after suffering a hack.
The following day, Iberdrola’s systems suffered “massive attacks” that they were able to stop, reveal the same sources. The company links it to a campaign of cyberattacks that affected other companies and Spanish and European public institutions, such as the Congress of Deputies.
In a statement sent after the publication of this information, Iberdrola has revealed that “the company was warned by the North American authorities before suffering the attack. Iberdrola informed the Spanish authorities of this. The American advisory served to strengthen the security of our systems, which prevented [los atacantes] could obtain critical information.
The company was warned by US authorities before suffering the attack. Iberdrola informed the Spanish authorities of this
This Tuesday the Government approved a package of emergency measures “due to the considerable increase in the risk of cyber attacks for geostrategic reasons” as a result of the war in Ukraine. The plan includes a new “National Cybersecurity Plan” to strengthen the protection of SMEs and public institutions and the approval through a Royal Decree-law of specific cybersecurity regulations for the 5G network, which came into force this Wednesday.
This type of cyberattack, even if it does not manage to access customer banking data, represents a significant increase in the risk of suffering fraud attempts. Cybercriminals use the stolen information to set up scams with custom hooks, skyrocketing their success rate. attacks known as phishing or smishing are based on this tactic and can defraud victims of thousands of euros.
For this reason, Iberdrola warns affected customers in the statement that they “be wary of emails or mobile phone messages that do not have a clear identification of the sender, when they ask for reserved information with your account number, credit card data payment or access codes to services”. “Neither Iberdrola nor any other group company is going to request them by these means,” they warn.
The National Institute of Cybersecurity (Incibe) recommends affected users to search for themselves on the Internet to detect if their private data is being used without their consent. “If after conducting an Internet search of your personal information you find any data that you do not like or that is being offered without your consent, exercise your rights. The Spanish Data Protection Agency It provides you with guidelines on how to do it,” explains the agency.
Incibe also reminds you of the need to change passwords for digital services periodically and keep all programs and applications updated to the latest version.