Hundreds of thousands of German customer data on the Darknet for sale – you have to do that

The Hessian energy supplier Entega was the victim of a hacker attack. The hackers attacked Entega on the night of June 12, 2022 (Sunday), as the company reports on its dedicated website. Among other things, the company’s websites and customer portals were blocked.

So the attack succeeded

According to Hessischer Rundfunk, an Entega employee clicked on the malware-infested email attachment. With that, the misfortune took its course.

Customer data ends up on the dark web

On the night of July 11, 2022, the cyber gangsters posted the personal data they captured from customers, employees and business partners on the dark web.

These customers are affected

Customers from the electricity, gas and telecommunications sectors as well as district heating and water from Entega Plus GmbH and Entega AG are affected. In addition, a large number of Entega’s business partners (essentially their contact details) and Entega employees are likely to have been affected by the data theft.

More specifically, Entega’s IT subsidiary COUNT+CARE GmbH & Co. KG was the victim of the attack. The hackers captured the “data of many customers of Entega and its subsidiaries,” as the energy supplier writes: names, addresses and consumption data as well as e-mail addresses and telephone numbers. This is what online gangsters can use to make fraudulent calls, spam, identity theft and illegal internet orders.

In the case of electricity, gas, district heating and water customers of Entega Plus GmbH and Entega AG, contract-specific data such as contract account numbers, business partner numbers, bills and meter and consumption data are also affected.

In the case of telecommunications customers of Entega Plus GmbH, contract-specific data such as contract account numbers, telephone numbers, billing and balance lists are also affected.

Particularly problematic: “For some customers, the bank details were also published.” Entega informs these customers whose bank details have been published on the dark web individually. These customers should check their bank accounts and change passwords used for online banking.

The SWR writes: “A large proportion of the customers of the energy supplier Entega are probably affected. In addition, data from customers of the Mainzer Stadtwerke, the Mainz transport company MVG and the Darmstadt transport company HEAG mobilo were published (these companies are also customers of Count and Care) The exact number of those affected has not yet been determined. Entega alone had around 700,000 contract customers at the end of 2021.”

This is happening

Entega would currently evaluate at high pressure which data was stolen. Entega works with the investigating authorities. “The affected IT systems were immediately isolated and secured, and an investigation by external IT specialists was initiated,” writes Entega. The responsible data protection and security authorities have been informed. “There was no risk of power, water, gas or heat failures,” said ENTEGA spokesman Michael Ortmanns.

The problems caused by the attackers are said to have been largely resolved by now.

You know that about the attackers

The Russian hacker group “Black Cat” is said to have carried out the attack, as reported by Hessischer Rundfunk. According to Entega, the attackers are criminals who encrypt IT systems and then demand a ransom for the decryption. In addition, the cybercriminals make money by selling the data. The gangsters also demanded a ransom from Entega, but Entega refused to pay. According to Hessischer Rundfunk, the blackmailers demanded a ransom of 15 million euros from Entega.

That’s what Entega advises those affected

Entega customers should be wary of “suspicious letters, emails, phone calls (mobile/landline), text messages, or other unusual activity, particularly on online accounts, including meineentega.de.”