Cyber Incident Victim: Energetyki Cieplnej Sp. z o.o.
Date: Jun 2022
Location: Poland
Summary
A ransomware attack targeted a Polish heating energy company, encrypting files and disrupting customer-facing systems for billing and application status inquiries. The firm notified national data protection and internal security authorities, as well as customers, despite initial assessments suggesting no mandatory reporting obligation. Critical operational systems, including district heating infrastructure and emergency dispatch services, remained unaffected. IT teams immediately initiated restoration efforts, conducting tests confirming no recurrence of the infection, though full network recovery remained ongoing. The company established a temporary customer contact number due to telephony system restoration work. Customers experienced difficulties accessing certain account information during the outage.
Description
On June 18, 2022, employees at Elbląskie Przedsiębiorstwo Energetyki Cieplnej (EPEC) detected anomalies in the company's IT systems, leading to the identification of a malware infection. The IT department immediately initiated containment and recovery procedures, determining through testing conducted on June 18-19 that the ransomware attack had encrypted files within the network. While critical operational systems supporting the district heating infrastructure and emergency dispatch services remained fully functional, customer-facing platforms experienced disruptions. These disruptions prevented access to billing balance information, connection request status updates, and normal telephone communications through the main customer service line.

EPEC notified Poland's Internal Security Agency (ABW) about the incident and voluntarily escalated the matter to the Personal Data Protection Office (UODO), despite preliminary assessments suggesting no mandatory reporting obligation existed. The company prioritized transparency by announcing plans to mail formal notifications to customers about potential data exposure risks. A temporary customer service phone number (502 489 964) was activated while restoration work continued on the primary telephone system. EPEC confirmed all payment processing systems remained operational throughout the incident. Recovery efforts focused on fully restoring the compromised IT network, with ongoing analysis confirming that the incident was a ransomware attack. Customer communications included specific guidance on monitoring financial activity, recognizing phishing attempts, reporting identity theft concerns to law enforcement, and procedures for blocking identity documents through banking institutions. The company publicly apologized for service limitations while maintaining district heating operations without interruption.
