Cyber Incident Victim: Itron
Date:
Apr 2026
Location:
United States of America
Summary
Itron disclosed that hackers gained access to some of its internal systems after detecting unauthorized activity, prompting the company to expel the intruders and activate its response plans. The company said it saw no further unauthorized activity, did not find evidence of customer data compromise, and expects insurance to cover a significant portion of incident costs while anticipating no material impact on operations. It also notified law enforcement and indicated it would assess any required legal or regulatory filings stemming from the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 13, 2026, Itron detected unauthorized access to some of its systems and launched an investigation. The company stated it took action to remediate and remove the unauthorized activity. It subsequently expelled the hackers and reported no signs of further intrusions into its internal systems. Itron notified law enforcement of the breach and activated its contingency plans and data backups. The company said it did not identify unauthorized activity in the customer-hosted portion of its systems, suggesting the breach was limited to its internal IT network.
Itron, which provides smart-meter devices that analyze energy and water use, noted that its operations have continued in all material respects and that the cyberattack did not disrupt its operations. The company emphasized it has not observed any subsequent unauthorized activity within its corporate systems and did not detect any unauthorized access to customer data. Itron serves more than 8,000 customers across 100 countries, has contracts with over 7,700 utility providers in 100 countries, and provides internet-connected utility meters to over 110 million homes and businesses. It also partners with local governments on smart-cities projects and works with Cisco to improve internet connectivity for smart devices.
Itron expects a significant portion of its direct incident response costs to be covered by insurance and does not currently believe the incident has had or is reasonably likely to have a material impact on the company. The firm is evaluating what legal filings and regulatory notifications might be required because of the incident and intends to take appropriate action based on its review and findings. No known ransomware or extortion group has claimed responsibility for the hack, and the attacker’s motivation and whether any customer or other sensitive information may have been compromised remain unclear.