Cyber Incident Victim: Enercity
Date:
Oct 2022
Location:
Germany
Summary
A major German energy supplier experienced a cyberattack that triggered immediate security system responses, averting significant operational damage. While critical infrastructure remained unaffected—ensuring stable energy supply—the incident caused customer service disruptions and partial IT system limitations. Data theft occurred, compromising both personal and non-personal information from customers, employees, and partners, with non-personal data constituting approximately 75% of the exfiltrated material. External experts assessed the probability of data publication as very low. The company established a task force, engaged forensic specialists, and notified relevant authorities, subsequently enhancing its IT security architecture and implementing additional protective measures to fortify systems against future threats.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 26, 2022, Hannover-based energy supplier Enercity experienced a cyberattack that triggered immediate activation of its security systems. The company confirmed operational technology and critical infrastructure remained unaffected, ensuring uninterrupted energy supply to customers with guaranteed grid and power plant stability. Customer service systems suffered limited availability following the incident, with the company acknowledging "minor restrictions" due to non-full functionality of some IT systems. Enercity established a task force shortly after detection and initiated forensic investigations involving external IT specialists. Law enforcement and data protection authorities were promptly notified, consistent with regulatory requirements for critical infrastructure operators. The attack occurred during heightened cybersecurity alerts in Germany, with federal authorities having recently warned of unprecedented threat levels targeting national infrastructure.
Forensic investigations determined attackers exfiltrated data containing both personal and non-personal information belonging to customers, employees, and business partners. Non-personal data constituted approximately 75% of the compromised information, according to company disclosures made public in March 2023. External cybersecurity experts assessed the likelihood of data publication as minimal based on their analysis. Enercity integrated findings from the forensic examination into security architecture enhancements, implementing additional protective measures for systems and data. The company maintained throughout the incident response that critical infrastructure components were never compromised, preserving supply chain integrity for energy distribution. All customer-facing communications emphasized that data protection protocols remained active, directing specific inquiries to dedicated channels including a designated data protection officer. No operational disruptions to physical energy production or distribution networks were reported during or after the incident.