Security breaches have become the bane of many companies today, with millions of customer data about which they know practically everything. We care a lot about our data and privacy when we browse the Internet, but there are certain data that we provide to companies that provide us with any type of service, whether it is Internet, electricity, water or gas. And we don’t stop to ask what happens to that data or how it will be kept securely. The last to fall has been Endesa with almost two thousand clients whose data has been exposed on the Internet.

The leak of user data has already occurred on many other occasions. Names, emails, addresses… Now the victim is “e-distribución”, an Endesa collaborating company that is responsible for bringing electricity to homes and which stored information from thousands of clients from all over Spain. A data leak that affects more than a thousand clients and that is a potential list of future spam calls or phishing messages but that will also put all the data now in the hands of anyone at risk.

Leaked data

We give our data when hiring a service. Electricity, gas, telephone… And we don’t worry about whether they are stored well or not, assuming that they will be that way. But security holes exist and now hacking forum BreachForums has published part of the leak of data after a security breach by Endesa’s collaborating company, e-distribucion.

E-distribucion works in 24 provinces and 8 Autonomous Communities in Spain and has seen how the data of more than 1,800 clients has been exposed and posted on the internet. What information has been leaked? All the data that comes from the CUPS code, which reflects relevant information of all users: name, identity documents, home addresses, characteristics of the contracted supply and customer telephone number.

This leak not only compromises customer privacy, but also opens the door to possible scams and phishing campaigns of companies that want to attract new clients and, according to the information so far, the data could be auctioned and fall into the hands of whoever wants to make fraudulent use of it.

What can we do?

For now, Endesa has not commented. It has not contacted customers to alert them of the security hole that has leaked the information, nor can we know if all the data is affected or only a portion of the users. At the moment there is no more official information but it would be logical for the company to notify what happened or issue a report explaining the causes of it in the next few hours.

What can we do? We cannot do anything to prevent data leaks or choose whose hands they fall into, but we can. Take extreme precautions when connecting to the Internet or receiving calls. Customers are advised to remain alert to possible contact attempts by third parties for malicious purposes even if they have your personal data or contact relevant information that we believe to be confidential. It is important ignore emails that may be phishing or be wary of phone calls that promise us improvements or ask us for even more information such as our bank account or credit card number.

At the moment there is nothing more you can do if you are an E-distribution customer except stay alert for all possible scams or spam calls.