Repsol suffered a cyber attack on its database customers of electricity and gas in Spain hosted by an external provider that affected thousands of users, but has already been patched, according to company sources.
On September 10, the multi-energy group detected partial access to the data of the country’s electricity and gas customers, following an incident suffered by one of its suppliers.
Repsol immediately implemented measures to remediate the cyberattack and protect its customers, and reported this situation to the relevant authorities.
Compromised information does not include sensitive datafinancial (bank accounts, credit cards), passwords or electricity consumption data. The data concerned are name and surname, identity document, address, contact details and CUPS (each customer’s supply code).
Repsol regretted this situation and the inconvenience it could cause to affected customers, whom it began to proactively inform on Thursday afternoon via email.
The company thus joins the long list of large Spanish companies that have suffered cyberattacks this year, in the case of Orange, Iberdrola, Banco Santander, Telefónica, Endesa, the Spanish subsidiary of the French energy company TotalEnergies, Amper or textile Tendam (Cortefiel) among others, and whose aim is to access the data of their respective customers or to obtain various types of information.
Organizations such as the Armed Forces or educational institutions such as the Complutense University have also been the target of this type of attack.