Skip to content
Data breachUnknown

Leak at EDF DPIH

On 28 February 2025, a threat actor claimed to have stolen a database from EDF's hydraulic generation division (DPIH), exposing power-plant intervention and maintenance plans, security inspection results and maintenance staff IDs; EDF and researchers disputed the actor's nuclear claims.

Victim
EDF DPIH

On 28 February 2025, EDF DPIH — the Division Production Ingénierie Hydraulique, the unit that operates and engineers EDF's fleet of hydroelectric plants in France — was named as the victim of a data leak claimed on a hacking forum. A threat actor advertised a database said to belong to the division and offered it for sale.

According to the actor, the dataset covered the division's archives, interventions, development and test work, with everything planned for the future. The exposed material was described as operational and maintenance documentation rather than customer data.

Exposed data categories reportedly included:

  • Power-plant intervention and maintenance plans
  • Results of security inspections and operations
  • IDs of maintenance staff

The actor framed the trove as concerning "nuclear" plant safety, but EDF employees and security researchers (notably ZATAZ) publicly corrected this: DPIH manages hydroelectric, not nuclear, generation. Reporting noted skepticism about the breach's true scope, suggesting the data may have been exaggerated or recycled. EDF did not issue a detailed public confirmation, and the scale and authenticity of the leak remain unverified.

Sources

  1. zataz.comhttps://www.zataz.com/un-pirate-sattaque-a-edf-dpih/
  2. frenchbreaches.comhttps://frenchbreaches.com/alertes/edf-dpih-20dac3476010

Related incidents

Data breachOngoing

Leak at ENI

In December 2025, the French operations of Italian energy group ENI suffered a data breach claimed by the Lapsus$ group, exposing professional contact details for tens of thousands of business customers; ENI confirmed the incident and notified the CNIL.

Victim
ENI
Data breachContained

Leak at E.Leclerc

In January 2025, E.Leclerc's Prime énergie (energy-rebate) platform was hit by fraudulent account access, exposing customers' names, email addresses, login credentials, file numbers, rebate amounts and service descriptions; the breach was disclosed to affected users on 24 January 2025.

Victim
E.Leclerc