During the night of July 22-23, the electricity and gas supplier Creos, part of the Luxembourg energy supplier Enovos Group, was subjected to a cyber attack. The hacker group called BlackCat has admitted to the act. The Data Protection Board said that there is no 100% protection against such attacks.
Encevo was previously blackmailed by the hacker group, Luxembourger Wort reported. If the energy provider does not comply with the ransom demand, the stolen data will be published. This has become a reality in other cases where hacker groups have stolen data and conducted extortion. However, nothing is known about the amount of the ransom. Luxembourg's data protection commission, CNPD, is not aware of any cases in the country involving the hacking group BlackCat. CNPD Commissioner Alain Hermann said the method is not new.
Encevo is not the first company to be affected by such an attack, as there have been many such attacks around the world in the past two to three years.
Through so-called ransomware attacks, hackers can access a company's network and hack into computers or steal data. In order not to release the data, a ransom is required.
Such a data theft occurred on the night of July 22-23, when the ransom group BlackCat stole about 180,000 pieces of data, with a capacity of 150 GB, through Encevo's website. this would be information about customers of the Encevo Group subsidiary Creos, including invoices, contracts and emails, and possibly copies of ID cards. says Alain Hermann , If customers are at risk, the company must communicate this.
GDPR (data protection) states that companies must notify people if they are at high risk. She has to help people protect themselves from hackers. This information can be passed on through direct contact. If this is not possible, companies must communicate openly.
The ransomware group BlackCat is a hacker group with ties to Russia. However, it is not known who exactly is behind the hack. On the Internet, you can find various cyber attacks BlackCat was involved in and where ransoms were demanded.
Stolen customer data from Encevo Group posted on the Dark Web
Stolen customer data from the Encevo Group has been posted on the Dark Web. This was announced by the ransom group BlackCat on its website.
Encevo is currently unable to say more details about the data, which may include names, first names, addresses, email addresses and phone numbers, as well as banking data for specific customer groups.
However, the Luxembourg-based energy provider said they have set up a website page.
https://www.encevo.eu/en/encevo-cyberattack/
In any case, the Encevo Group will take all the necessary steps, as it further states on its website.
Encevo Group contacts victims of cyber attacks by letter
As announced, the Encevo Group is currently registering in person the customers affected by the cyber attack on the night of July 23.
The persons involved will be notified individually by letter which personal and sensitive data was stolen by the hackers during the attack. For example, names, addresses, phone numbers and even account numbers. Among other things, customers are advised to regularly check their bank accounts and contact their bank immediately in the event of suspicious transactions. Due to security regulations, the risk of unauthorized installation is minimal.
There is also a reminder asking people not to share sensitive data via phone or email and that they should not click on suspicious emails. It is unclear how many people's data fell into the wrong hands.
Following the cyber attack, the stolen data was posted on the dark web. encevo assures customers that all measures have been taken to limit the impact of the cyber attack as much as possible. Monitoring of the system will also be intensified.
Creos and Encevo re-emphasize that the supply of electricity and natural gas is unaffected and that faulty service is guaranteed.
About the Encevo Group
The Encevo Group is the leading sustainable energy company in Luxembourg and the greater region.Encevo is committed to ensuring secure access to energy and a competitive supply, actively helping to shape the transition to a sustainable energy sector. It does this by adopting technologies, deploying innovative solutions and working with local communities.
The Encevo Group has a very wide geographical footprint, serving customers in Luxembourg, Germany, France, Belgium and the Netherlands. It spans the entire energy value chain, from production, storage, supply and transport to trading, distribution and services.
Creos Luxembourg S.A., a subsidiary of the Encevo Group, owns and manages the electricity and gas network in Luxembourg.