Spain
Energy
Threat Actor Claims to Sell a 110 GB Iberdrola Customer Database Affecting 7 Million Customers
A threat actor using the alias spain claims to be selling a 109.79 GB customer database stolen from Iberdrola, one of the world's largest electricity utilities, and lists the domain iberdrola.es. The post advertises data on more than 7 million customers, including banking (IBAN), national ID, and contact details, with a small sample and a Telegram contact for buyers. The intrusion is attributed in the post to "RP" and is unverified; Iberdrola has not publicly addressed it.
Spain▣Post details
Spain!Allegedly exposed
- 7M+ customer records (claimed)
- Customer names & account IDs
- IBAN bank account numbers
- National IDs (DNI / NIF / CIF)
- Email addresses & phone numbers
- Addresses (city, province, ZIP)
- Tariff, contract & power (potencia) data
- Billing & purchase totals
- Supply-point identifiers (CUPS)
- Customer photos & call records
Screenshot
⚠Potential impact
If genuine, a dataset of 7 million customers containing IBAN bank details, national IDs (DNI/NIF/CIF), emails, phone numbers, and addresses would be highly valuable for financial fraud, phishing, and identity theft at scale across Spain. Energy-account and supply-point details could also enable convincing, targeted scams against utility customers. As with any large "for sale" listing, the figures may be inflated or partly recycled from earlier breaches.
iStatus
UnverifiedA sample and a full column listing were posted to an underground forum, with the full dataset offered via a Telegram contact and escrow; the sample links, password, and contact identifiers are not reproduced here. The claim has not been independently confirmed and Iberdrola has not publicly addressed it.
DARK WEB INFORMER - THREAT INTELLIGENCE
