A group of cybercriminals published on Sunday a sample of data belonging to customers of the French giant ENGIE, which was allegedly hacked. Some of this data would be sensitive.
Was ENGIE, the French energy giant, the victim of hacking? On its networks, the cybercriminal group Lapsus$ claimed responsibility, on Sunday May 5, 2024, for hacking the company, by publishing a sample of the latter’s sensitive data, potentially belonging to individuals. The hackers behind this leak had already published, a few days ago, data belonging to the Ministry of Agriculture, as we revealed to you on Clubic.
ENGIE once again hit by a cybercriminal incident?
The ENGIE group would therefore have been the victim of a hack leading to a leak of customer data. The sample of information published by the Lapsus$ group on dark social reveals the presence of full names, addresses, request numbers, appointment dates, brands and models of equipment used, among others data.
What can we say about this leak? “ Regarding the recent incident involving Lapsus$ and ENGIE, it is crucial to understand that this event is not isolated. The group has put online a sample of the voyageurs.engie.fr database », confirms Jérôme Thémée, founder of the ESD Cybersecurity Academy.
This publication from the Lapsus$ group, whose recent activities we are going to talk about, “ comes after a similar leak in 2023, flagging continued deficiencies in the energy provider’s security measures », remembers our expert.
ENGIE customers should exercise caution and change their password
The group behind this supposed hack is in any case not unknown. Lapsus$ has, in the past, shone through the hacks of OKTA companies, specializing in identity and access management in March 2022. But it is best known for having compromised Electronic Arts (EA) in June 2021, and having potentially been behind a leak linked to the future GTA 6.
In any case, for Jérôme Thémée, “ these repetitions of incidents highlight a significant vulnerability in data protection at ENGIE “. For the specialist, it is now imperative that the company reviews its cybersecurity strategies to strengthen its defenses and regain the trust of its users.
“ For consumershe addsit is advisable to remain vigilant, monitor their accounts for any activity, and strengthen the security of their own data “. We must indeed expect that a phishing campaign – one more – will follow in the near future. If you are an ENGIE customer, we obviously advise you to change your account password as quickly as possible, even if nothing indicates, at this stage, a more specific violation of identification data.
2