A threat actor is claiming to be selling a database allegedly belonging to Naturgy, one of Spain’s largest energy providers, containing records associated with approximately 1.6 million customers.
According to the listing, the purported dataset includes customer names, addresses, phone numbers, email addresses, Spanish national identification numbers (DNI/NIF), and IBAN bank account details. The seller describes the information as “fresh” and claims the database is being offered to the highest bidder.
BreachNews has not independently verified the authenticity of the alleged dataset or confirmed that the information originated from Naturgy.
The threat actor published screenshots appearing to show customer records exported in CSV format alongside a detailed database schema containing utility account, contract, billing, and customer enrollment fields. References within the sample data appear consistent with Spanish energy service records, including fields related to gas and electricity accounts, tariffs, service activation details, and customer identifiers.
Alleged utility customer data offered for sale
The seller claims the database contains information on more than 1.6 million Spanish citizens and is offering a free sample consisting of 5,000 records to prospective buyers.
According to the post, the alleged data includes customer contact information, banking details, utility service identifiers, contract information, and other account-related records.
If authentic, the exposure of national identification numbers and IBAN details could present risks including identity theft, financial fraud, targeted phishing campaigns, and social engineering attacks against affected customers. The claim follows other recent utility-sector breach allegations reported by BreachNews, including an alleged iGreen Energy breach involving 5 million records that reportedly exposed utility account information, credentials, and KYC-related data.
Screenshots show extensive customer records
Screenshots accompanying the listing appear to show large volumes of customer data displayed in CSV format. The records include numerous fields associated with utility account management and customer onboarding processes.
While the screenshots provide some evidence that the seller possesses a substantial dataset, they do not independently confirm that the information originated from Naturgy or that the claimed record count is accurate.
Threat actors frequently exaggerate dataset sizes, combine information from multiple sources, or misrepresent the origin of records to increase the value of a sale.
Naturgy has not publicly addressed the claim
Naturgy is one of Spain’s largest energy companies, providing electricity and natural gas services to millions of residential and commercial customers.
At the time of publication, Naturgy had not issued any public statement regarding the alleged database sale.
Additional analysis of the purported dataset would be required to verify the source of the records, determine whether the information is current, and assess the overall scope of the alleged exposure.
