Endesa Hack: Hacker Exposes 20 Million Customer Records

Madrid / Washington

Last Monday, January 12th, mid-morning, Cadena SER and a large part of the media in our contry reported that the company Endesa Energía, ⁣as ‌well as its regulated market subsidiary Energía XXI, had detected an “unauthorized access” to their commercial platform. The energy company, which had been warning its customers throughout the weekend, alerted⁤ to an extraction of data related to contracts, including national identity documents and payment methods.

A week earlier, on Monday, January 5th, self-reliant journalist Alberto Payo already reported on this ​attack in the cybersecurity-specialized media outlet Escudo ⁤Digital. He ‍didn’t expect that the alleged⁣ – or the alleged female – hacker would⁤ contact him directly within hours to clarify his information. “I’m the​ one from Endesa,” the ⁤well-known criminal initiated the ⁤conversation.

And how did he get his contact‌ information? Thanks to the data he would have extracted from his ⁢Endesa⁤ contract, according to the journalist. “He gave me the data and it matched that of my second residence: my bank account number, the ⁢CUPS number⁣ [a key that identifies each electricity or gas connection], even a risk indicator that Endesa had ⁢for me.‌ Also the DNI, ‌financial data, my ‌phone number or my email. I was quite surprised.”

Payo believes that Spain (as the‍ hacker‍ called himself) and his two accomplices – “one of them very young” – primarily wanted to profit financially. “First he tried to‍ sell it through Telegram and then he started thinking he could talk⁢ to Endesa to get more money or to negotiate directly wiht the company.⁣ He told me: ‘I have written ⁢to Endesa several accounts and you haven’t answered me. They really aren’t interested in their customers‘.According to the alleged criminal, they managed to access this data in just two and a⁢ half hours.”This is where the way of boasting is seen. Hackers often have these profiles,” he reflects.

The hacker’s profile

But what is usually the profile of hackers? At least those ​that the‌ State Security Forces and ‌Corps manage to capture.⁣ We‍ asked the Group Chief⁢ of the Cue

The Challenge of Prosecuting​ International Fraud

Identifying and prosecuting perpetrators of fraud ⁣who operate internationally and target Spanish citizens is demonstrably difficult due to jurisdictional issues, ‌the use of complex technologies, and the frequent location of offenders outside of Spain.

the rise of elegant online scams, often ​originating from ⁣organized criminal networks, presents a important challenge to law⁤ enforcement agencies. These groups frequently ‍exploit technological advancements to mask their identities and locations, making investigations complex and resource-intensive. Victims frequently enough face considerable hurdles in recovering lost⁢ funds.

Such as,in 2023,the Spanish National Police dismantled a network‍ operating from Nigeria that defrauded Spanish citizens of ⁤over €2 million through romance scams and business email compromise schemes. This ​case‍ highlights the international nature of these crimes and the difficulties in tracing funds and apprehending perpetrators.

Common Types of⁢ International ⁢Scams Targeting Spain

Several types of scams frequently target Spanish⁣ citizens,frequently enough originating from outside the country. These include romance scams, investment ​fraud, phishing attacks, and business ​email compromise schemes.

• Romance Scams: Perpetrators create ‍fake online profiles to ‍build ‍relationships‍ with victims, eventually requesting money for fabricated emergencies or travel.
• Investment Fraud: Victims are lured into investing in fraudulent schemes promising high returns with little risk.
• Phishing Attacks: Fraudsters use deceptive emails or websites to steal‍ personal and financial information.
• Business Email Compromise (BEC): Criminals impersonate company executives to⁢ trick ⁤employees into transferring funds to fraudulent accounts.

According to the National ⁤Cybersecurity​ Institute (INCIBE) 2023 ⁣Annual Cybersecurity Report, phishing ⁢attacks accounted for 33.8% of reported cybersecurity incidents in Spain, demonstrating their prevalence. The report also noted ⁣a significant increase⁢ in scams involving impersonation of known entities.

Jurisdictional Challenges in Cross-Border Fraud Cases

Successfully prosecuting international⁤ fraud‍ cases requires cooperation between law enforcement agencies in multiple countries,which can be hampered by differing legal systems,extradition ‍treaties,and resource constraints.

The ​ European Union Agency‍ for criminal Justice Cooperation (Eurojust) plays a crucial role in facilitating cross-border ‌investigations and prosecutions.Eurojust assists national authorities in coordinating investigations, gathering evidence, and overcoming legal obstacles. However,cases⁤ involving countries outside the EU can ⁤be substantially more complex.

In 2022,‌ Eurojust supported 1,033​ cases involving cybercrime, ⁤including a substantial number of fraud cases with cross-border elements. This demonstrates the increasing ​demand ⁣for international cooperation ⁤in combating cybercrime and​ fraud.

Resources for Spanish Citizens targeted by Fraud

Spanish citizens who believe they have ⁣been victims of fraud can report‍ incidents to several organizations and authorities.

• Spanish national ‍Police: https://www.policia.es/
• Civil Guard: https://www.guardiacivil.es/
• National Cybersecurity Institute (INCIBE): https://www.incibe.es/ (Offers assistance with cybersecurity incidents and⁣ fraud reporting.)
• Office for ⁢Fraud Victims (Oficina de Atención a Víctimas del Fraude): Provides legal‌ and psychological support to victims of fraud.

The INCIBE also operates a helpline‍ (011) to provide⁢ immediate assistance to citizens who have ​been targeted by online fraud. ‍ Reporting incidents to these authorities is crucial for tracking trends, investigating⁢ perpetrators, and preventing ‌future scams.