Dark Web News Analysis
Dark web monitoring has surfaced a claimed data breach affecting Iberdrola Spain, one of the country’s largest energy utility providers. A threat actor on a hacker forum claims to have exfiltrated over 3,000 files allegedly dating back to May 3, 2024.
The leak mechanism is notable: the data was reportedly exported directly from a compromised Google Drive account. The exposed files contain highly sensitive customer information, including Full Names, Phone Numbers, Physical Addresses, ID Numbers (DNI/NIF), Email Addresses, Service Details, and critically, IBANs (International Bank Account Numbers).
Key Cybersecurity Insights
Breaches of utility companies involving banking data are “Tier 1” financial threats because they expose the core mechanism of household bill payments:
- Direct Debit Fraud (Domiciliación): The combination of DNI and IBAN is uniquely dangerous in the Spanish banking system. Malicious actors can use this data to set up unauthorized direct debits (“domiciliación bancaria”) for services or subscriptions. Since the data is valid, the bank often approves the charge automatically.
- The “Utility Cutoff” Scam: With access to Service Details and Phone Numbers, scammers can launch terrifying “Vishing” (Voice Phishing) attacks. They call the customer, citing real contract numbers, and threaten to cut off the electricity immediately unless an “unpaid bill” is settled via credit card or Bizum.
- Shadow IT Risks: The fact that 3,000 sensitive files were exfiltrated from Google Drive suggests a failure in Data Loss Prevention (DLP). It implies that sensitive customer data was likely moved out of secure, monitored corporate environments into cloud storage that may have lacked strict access controls or MFA.
- Identity Theft: The DNI is the cornerstone of identity in Spain. Combined with a home address and phone number, it allows criminals to sign up for loans, SIM cards, or online betting accounts in the victim’s name.
Mitigation Strategies
To protect customer finances and cloud infrastructure, the following strategies are recommended:
- Bank Monitoring: Affected customers must monitor their bank accounts specifically for newly created, unauthorized direct debit mandates. In Spain, customers have a window (usually 8 weeks) to dispute and reverse unauthorized direct debit charges, so swift action is required.
- Cloud Security Audit: Iberdrola must urgently audit all corporate Google Drive and cloud storage permissions to identify how an external actor gained access (e.g., via a compromised employee token or a public link).
- Official Notification: A clear communication campaign is needed to warn customers that Iberdrola will never demand immediate payment over the phone under threat of cutting off their service.
- MFA Enforcement: Ensure that all employee accounts with access to cloud storage are protected by hardware-based Multi-Factor Authentication.
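The Shadow IT point and the Cloud Security Audit recommendation above both come down to the same question: would a burst of file exports from a single account, or a file being switched to “anyone with the link”, have been noticed? The script below is an added example (not Iberdrola’s, Google’s or Brinztech’s code) that runs two such checks over a handful of constructed Drive-style audit events. The event schema (timestamp, actor, event, doc_id, visibility) is a simplified assumption for illustration, not the real Google Workspace Reports API format; the thresholds and all sample values are likewise constructed.

```python
"""Flag Drive audit events matching the exposure patterns discussed above:
(1) one actor downloading many files in a short window (bulk export, e.g. via
a compromised token) and (2) files made reachable by public link.
Example code only; the event format is a constructed simplification."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines (NOT real Google Workspace audit records).
# Fields: timestamp,actor,event,doc_id,visibility
SAMPLE_EVENTS = [
    # Normal daytime activity by an employee account
    "2024-05-03T09:02:11Z,ana@example.es,download,doc-0001,private",
    "2024-05-03T11:40:53Z,ana@example.es,download,doc-0002,private",
    # A document switched to "anyone with the link" (public exposure)
    "2024-05-03T13:15:00Z,ana@example.es,change_acl,doc-0042,anyone_with_link",
    # A domain-restricted share: not flagged by the public-link check
    "2024-05-03T13:16:30Z,luis@example.es,change_acl,doc-0043,domain",
    # Night-time burst from the same account: six downloads in under 3 minutes
    "2024-05-03T02:14:05Z,ana@example.es,download,doc-0101,private",
    "2024-05-03T02:14:09Z,ana@example.es,download,doc-0102,private",
    "2024-05-03T02:14:31Z,ana@example.es,download,doc-0103,private",
    "2024-05-03T02:15:02Z,ana@example.es,download,doc-0104,private",
    "2024-05-03T02:15:47Z,ana@example.es,download,doc-0105,private",
    "2024-05-03T02:16:40Z,ana@example.es,download,doc-0106,private",
]


def parse_events(lines):
    """Turn the constructed CSV-style lines into dicts with parsed timestamps."""
    events = []
    for line in lines:
        ts, actor, event, doc_id, visibility = line.strip().split(",")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "actor": actor,
            "event": event,
            "doc_id": doc_id,
            "visibility": visibility,
        })
    return events


def bulk_downloads(events, threshold=5, window=timedelta(minutes=10)):
    """Return {actor: peak_count} for actors whose download count inside any
    sliding `window` reached `threshold`. Uses a two-pointer sweep over the
    sorted timestamps so it stays linear in the number of events per actor."""
    per_actor = defaultdict(list)
    for e in events:
        if e["event"] == "download":
            per_actor[e["actor"]].append(e["ts"])

    flagged = {}
    for actor, times in per_actor.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits within `window`
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[actor] = max(flagged.get(actor, 0), count)
    return flagged


def public_link_changes(events):
    """Return the sorted doc_ids whose ACL was changed to anyone_with_link."""
    return sorted({
        e["doc_id"] for e in events
        if e["event"] == "change_acl" and e["visibility"] == "anyone_with_link"
    })


def summarize(lines):
    """Run both checks over raw audit lines and return the findings."""
    events = parse_events(lines)
    return {
        "bulk_downloaders": bulk_downloads(events),
        "public_docs": public_link_changes(events),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```

Run against the constructed sample, the bulk check flags ana@example.es with a peak of six downloads inside the ten-minute window (the two daytime downloads alone never cross the threshold), and the ACL check reports only doc-0042; the domain-restricted share of doc-0043 is not an exposure. In a real deployment the same two functions would be fed from the organisation’s Drive audit export, with thresholds tuned to normal per-user activity so that a burst like this one raises an alert while routine work does not.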
Secure Your Business with Brinztech — Global Cybersecurity Solutions
Brinztech protects organizations worldwide from evolving cyber threats. Whether you’re a startup or a global enterprise, our expert solutions keep your digital assets safe and your operations running smoothly.
Questions or Feedback?
For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com