Cyber Incident Victim: Iberdrola SA
Date:
Mar 2022
Location:
Spain
Summary
A cyberattack targeting Iberdrola's subsidiary I-DE Redes Eléctricas Inteligentes compromised personal data of approximately 1.3 million customers, including national identification numbers, addresses, phone numbers, and email addresses. The breach did not affect financial information such as bank accounts or credit card details. The company halted the attack immediately upon detection, implemented preventive measures, and notified law enforcement and data protection authorities. Subsequent mass attacks against the same entity occurred the following day but were successfully neutralized without further data exposure. Cybersecurity authorities advised affected customers to monitor for unauthorized use of their information and remain vigilant against phishing attempts impersonating the company. The incident was potentially linked to broader attack campaigns affecting other organizations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 5 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 15, 2022, Iberdrola’s subsidiary I-DE Redes Eléctricas Inteligentes suffered a cyberattack compromising the personal data of 1.3 million customers. The attackers accessed customer contact details including national identity numbers (DNI), home addresses, telephone numbers, and email addresses. Iberdrola confirmed the breach did not expose financial or operational data such as bank account information, credit card details, or energy consumption records. The company detected the incident and implemented immediate measures to halt the attack and prevent recurrence, though the specific intrusion method was not disclosed. Iberdrola formally notified the Spanish National Police and the Spanish Data Protection Agency (AEPD) following the discovery. The National Cybersecurity Institute (Incibe) independently confirmed the breach and identified I-DE as the affected entity within the Iberdrola group.
On March 16, 2022, Iberdrola reported thwarting additional large-scale cyberattacks targeting its systems, which did not result in further data exposure. The company suggested these subsequent attempts might relate to a broader campaign affecting other Spanish organizations, including the Congress of Deputies. Incibe issued public guidance advising affected customers to monitor for unauthorized use of their exposed data and to scrutinize unsolicited communications impersonating Iberdrola. The agency specifically warned against responding to messages requesting payment details, account numbers, or service credentials. Iberdrola’s communications emphasized that operational systems remained secure throughout both attack waves, with no disruption to energy distribution services reported. The incident remained under investigation by Spanish authorities at the time of reporting.