Energy supplier Entega hacked – data is on the dark web

B2B Cyber ​​Security ShortNews

Share post

ENTEGA IT subsidiary COUNT+CARE GmbH & Co. KG was attacked back in June, the system data was encrypted with ransomware and a lot of customer data was stolen. According to Entega, a ransom in the high tens of millions was demanded, which was not paid. Well, in July 2022, much of the customer data can be found on the dark web, as threatened. According to experts, the APT group "Black Cat" is at work here.

Cyber ​​criminals who attacked the ENTEGA IT subsidiary COUNT+CARE GmbH & Co. KG on the second weekend in June placed personal data from ENTEGA customers, employees and business partners on the so-called dark web. According to the current state of knowledge, the criminal publication of the data affects a large number of customers of ENTEGA and its subsidiaries, whose names, addresses and consumption data are affected.


Lots of Entega customer data on the dark web

“We deeply regret this incident. Together with the investigating authorities, we have done everything we can since the beginning of the criminal attack to clear up the incident and quickly make the affected systems functional again," says ENTEGA company spokesman Michael Ortmanns. Currently, it is still being evaluated at high pressure which data was stolen.

"We will immediately provide all information about the criminal attack and its consequences on our website," said the spokesman. COUNT+CARE, a subsidiary of ENTEGA AG, fell victim to a cyber attack in June. Among other things, the company's websites and customer portals were blocked. The affected IT systems were immediately isolated and secured, and an investigation by external IT specialists was initiated. ENTEGA immediately informed the responsible data protection and security authorities.


Critical infrastructure (KRITIS) not affected

At no time was there any danger to the so-called critical infrastructure – i.e. the gas, electricity, water and district heating networks operated by ENTEGA and its subsidiaries. "There was no risk of power, water, gas or heat failures," said ENTEGA spokesman Michael Ortmanns.

The damage caused by the cybercriminals has now been largely repaired. The websites and customer portals of ENTEGA can be accessed normally again. Extensive measures have been taken to protect those affected as comprehensively as possible. These include, among other things, resetting the password when accessing online. ENTEGA asks customers to be vigilant regarding suspicious letters, emails, phone calls (mobile/landline), text messages or other unusual activity, particularly on online accounts, including

Bank details and passwords published

The bank details of some customers were also published. Those affected will be informed individually by ENTEGA. ENTEGA asks these customers in particular to check their bank accounts regularly and, if necessary, to change the passwords used for online banking. However, the company points out that due to the Europe-wide binding two-factor authentication for online banking, the risk of unauthorized transfers is low. There is also a risk of criminal use of the data for the other parties involved. In individual cases, it could happen that those affected receive more spam mails or unsolicited advertising calls in the future. Entega provides further information for customers and a hotline on its website.

More at


Matching articles on the topic

Relaxation when there is a shortage of skilled workers in IT security

The world stands still, it seems, but appearances are deceptive. As with so many IT topics, managed security is also essential ➡ Read more

Hacker Barriers: Preventing Account Abuse with Least Privilege Approach

With traditional perimeter-based security concepts, cybercriminals usually have an easy time once they have breached this protective wall. Especially in the crosshairs ➡ Read more

Researchers uncover attacks on European aviation and defense companies

ESET researchers uncover targeted attacks against top European aerospace and defense companies. Joint investigation in cooperation with two of the European companies concerned ➡ Read more

Trends and tips for the further development of modern CISOs

Kudelski Security, the Kudelski Group's cybersecurity division, releases its new cyber business research paper "Building the Future of Security Leadership". ➡ Read more

Java malware copies passwords

G Data researchers reveal: Java malware copies passwords and also enables remote control via RDP. A newly developed in Java ➡ Read more

Trust in VPN for secure access

SANS Institute, a provider of cybersecurity training and certification, provides the Remote Worker Poll study on the prevalence of home office security ➡ Read more

Hacker group gives up and publishes keys

Sometimes hackers sneak in something like remorse or a guilty conscience and they show off their black hats ➡ Read more

Malicious Chrome extensions lead to data theft

Google Chrome Extensions and Communigal Communication Ltd. (Galcomm) domains have been exploited in a campaign that aims to track activities and data ➡ Read more