Cyber Incident Victim: Tibber

On November 11, 2023, a dataset titled "Tibber Data Breach - Leaked, Download" appeared for sale on a prominent darknet forum, marking the public exposure of a cybersecurity incident targeting Norwegian energy provider Tibber's German operations. Hackers infiltrated Tibber's online shop system, which sells smart energy hardware like the Pulse electricity tracker, and exfiltrated customer data. Tibber confirmed the breach to heise security, acknowledging the theft impacted approximately 50,000 German customers. The compromised data included names, email addresses, order amounts, and partial address information, though the company clarified that complete addresses, payment details, energy consumption data, and passwords remained secure. Attackers claimed possession of 243,000 data records, but Tibber attributed the discrepancy to potential duplicate entries or fragmented data formatting rather than a larger breach scope.

Tibber initiated its incident response upon discovering the darknet listing, launching an internal investigation and filing a criminal report with Berlin police. By January 2024, the company directly notified affected German customers about the data exposure. Merlin Lauenburg, Tibber's Germany managing director, stated collaboration with external cybersecurity experts and law enforcement to analyze the breach and implement corrective measures. The attackers’ monetization attempt via darknet markets coincided with Tibber’s operational model of providing dynamic-pricing-based renewable energy to households across Germany and Nordic countries, though core energy delivery systems remained unaffected. No disruptions to power services or additional compromises beyond the online shop data theft were reported.