Itron Discloses Cyberattack on Internal Systems, Containment Achieved
Itron, Inc., a Washington-based utility technology provider, confirmed that an unauthorized third party accessed portions of its internal systems in a cyberattack detected last month. The company disclosed the incident in an April 13, 2026, filing with the U.S. Securities and Exchange Commission (SEC), stating it activated its cybersecurity response plan upon discovery.
Itron engaged external advisors to investigate, mitigate, and contain the breach, which has since been blocked with no observed follow-up activity. While the company serves critical infrastructure including electricity grids, water distribution, and gas networks it reported no material disruption to business operations and does not anticipate long-term impact. A significant portion of incident-related costs is expected to be covered by insurance.
The breach did not extend to customer systems, though the investigation into its full scope remains ongoing. No ransomware group has claimed responsibility for the attack. Itron, a NASDAQ-listed company with 5,600 employees and $2.4 billion in 2025 revenue, supports 7,700 customers across 100 countries, managing 112 million endpoints. Law enforcement was notified as part of the response.
Itron, Inc. cybersecurity rating report: https://www.rankiteo.com/company/itroninc
"id": "ITR1777220666",
"linkid": "itroninc",
"type": "Cyber Attack",
"date": "4/2026",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'No customer systems affected',
'industry': 'Utility technology',
'location': 'Washington, USA',
'name': 'Itron, Inc.',
'size': '5,600 employees, $2.4 billion in 2025 revenue',
'type': 'Company'}],
'date_detected': '2026-03',
'date_publicly_disclosed': '2026-04-13',
'description': 'Itron, Inc. confirmed that an unauthorized third party '
'accessed portions of its internal systems in a cyberattack '
'detected last month. The company disclosed the incident in an '
'April 13, 2026, filing with the U.S. Securities and Exchange '
'Commission (SEC), stating it activated its cybersecurity '
'response plan upon discovery. The breach did not extend to '
'customer systems, though the investigation into its full '
'scope remains ongoing. No ransomware group has claimed '
'responsibility for the attack.',
'impact': {'financial_loss': 'Incident-related costs expected to be covered '
'by insurance',
'operational_impact': 'No material disruption to business '
'operations',
'systems_affected': 'Internal systems'},
'investigation_status': 'Ongoing',
'references': [{'date_accessed': '2026-04-13',
'source': 'U.S. Securities and Exchange Commission (SEC) '
'filing'}],
'regulatory_compliance': {'regulatory_notifications': 'SEC filing'},
'response': {'communication_strategy': 'SEC filing on April 13, 2026',
'containment_measures': 'Breach blocked, no observed follow-up '
'activity',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes',
'third_party_assistance': 'External advisors engaged for '
'investigation and mitigation'},
'threat_actor': 'Unauthorized third party',
'title': 'Itron Discloses Cyberattack on Internal Systems, Containment '
'Achieved',
'type': 'Cyberattack'}