Naturgy Data Breach Exposes Personal and Financial Information of Nearly Half a Million Spanish Customers
A significant data breach has compromised the personal and financial details of Naturgy clients in Spain, with cybercriminals offering 74.2 GB of stolen data allegedly belonging to over 1.8 million users on the dark web. The energy distributor confirmed that approximately 480,000 records were affected, representing around 3% of its commercial portfolio.
The exposed data includes full names, national identification numbers (DNI/NIF), email addresses, bank account details, and contractual information such as CUPS codes, physical addresses, and internal provider notes. Naturgy clarified that the breach did not originate from its own systems but from a third-party database storing sensitive customer information.
In response, the company activated incident protocols, renewing credentials, blocking unauthorized access, and conducting audits on both its platforms and the affected provider’s servers. While passwords and access to the client portal remained secure, Naturgy has notified impacted individuals and filed reports with the Spanish Data Protection Agency and law enforcement.
This incident follows a similar attack earlier this year, where the same threat actor targeted Endesa, compromising data from 20 million subscribers and later leaking 300,000 files in an apparent ransom attempt. Authorities continue investigating the attacks to trace their origin and strengthen protections for sensitive data. Affected Naturgy customers have been advised on verifying corporate communications to mitigate risks of identity theft.
Endesa cybersecurity rating report: https://www.rankiteo.com/company/endesa
Naturgy cybersecurity rating report: https://www.rankiteo.com/company/naturgy
"id": "ENDNAT1777732165",
"linkid": "endesa, naturgy",
"type": "Breach",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '480,000',
'industry': 'Utilities',
'location': 'Spain',
'name': 'Naturgy',
'type': 'Energy distributor'}],
'attack_vector': 'Third-party database compromise',
'customer_advisories': 'Affected customers advised to verify corporate '
'communications to mitigate identity theft risks',
'data_breach': {'data_exfiltration': 'Yes (74.2 GB of data offered on dark '
'web)',
'number_of_records_exposed': '480,000 (confirmed), 1.8 '
'million (alleged)',
'personally_identifiable_information': 'Full names, national '
'identification '
'numbers (DNI/NIF), '
'email addresses, '
'physical addresses',
'sensitivity_of_data': 'High (national IDs, bank account '
'details, email addresses, physical '
'addresses)',
'type_of_data_compromised': ['Personal information',
'Financial information',
'Contractual information']},
'description': 'A significant data breach has compromised the personal and '
'financial details of Naturgy clients in Spain, with '
'cybercriminals offering 74.2 GB of stolen data allegedly '
'belonging to over 1.8 million users on the dark web. The '
'energy distributor confirmed that approximately 480,000 '
'records were affected, representing around 3% of its '
'commercial portfolio. The exposed data includes full names, '
'national identification numbers (DNI/NIF), email addresses, '
'bank account details, and contractual information such as '
'CUPS codes, physical addresses, and internal provider notes. '
'Naturgy clarified that the breach did not originate from its '
'own systems but from a third-party database storing sensitive '
'customer information.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive customer data',
'data_compromised': 'Personal and financial information (full '
'names, national IDs, email addresses, bank '
'account details, contractual information)',
'identity_theft_risk': 'High risk of identity theft for affected '
'customers',
'legal_liabilities': 'Potential regulatory fines and legal actions',
'payment_information_risk': 'High risk of payment fraud due to '
'exposed bank account details',
'systems_affected': 'Third-party database storing customer '
'information'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (74.2 GB of data '
'offered)',
'entry_point': 'Third-party database'},
'investigation_status': 'Ongoing',
'lessons_learned': 'Third-party risk management is critical; need for '
'enhanced monitoring and audits of third-party vendors',
'motivation': 'Data exfiltration for potential ransom or sale on dark web',
'post_incident_analysis': {'corrective_actions': 'Renewed credentials, '
'blocked unauthorized '
'access, conducted audits, '
'notified regulatory bodies',
'root_causes': 'Third-party database compromise, '
'inadequate third-party security '
'controls'},
'ransomware': {'data_exfiltration': 'Yes'},
'recommendations': 'Strengthen third-party security assessments, implement '
'stricter access controls, enhance customer communication '
'protocols, and improve dark web monitoring for stolen '
'data',
'references': [{'source': 'Cyber incident report'}],
'regulatory_compliance': {'regulations_violated': 'Potential GDPR violations',
'regulatory_notifications': 'Reported to Spanish '
'Data Protection '
'Agency'},
'response': {'communication_strategy': 'Notified impacted individuals, '
'advised on verifying corporate '
'communications',
'containment_measures': 'Renewing credentials, blocking '
'unauthorized access, conducting audits '
'on platforms and third-party servers',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes'},
'title': 'Naturgy Data Breach Exposes Personal and Financial Information of '
'Nearly Half a Million Spanish Customers',
'type': 'Data Breach'}