Data leak at Enercoop after account compromise
On 11 May 2026, French renewable-energy cooperative Enercoop suffered a security incident in which email addresses tied to customer, prospect and member accounts were compromised and abused to send fraudulent phishing messages impersonating its customer service.
- Victim
- Enercoop
On 11 May 2026, Enercoop — a French cooperative supplier of 100% renewable electricity — identified a security incident in which one of its systems was compromised and abused to send fraudulent messages impersonating its customer service.
According to Enercoop's official incident notice, the compromise exposed email addresses associated with customer, prospect and member accounts. At this stage the company confirms only the exposure of certain email addresses; investigations are continuing to determine the precise scope of the accounts and data affected. The primary risk identified is phishing: recipients receiving fraudulent messages that pretend to come from Enercoop.
Exposed data confirmed to date:
- Email addresses linked to customer, prospect and member accounts
Enercoop's technical and security teams say they immediately took steps to contain the incident and secure the affected systems. All individuals who received the fraudulent messages were notified by email (update of 12 May 2026), and the company notified France's data-protection regulator, the CNIL, within the deadline required by the GDPR. Enercoop has urged recipients to be wary of any message impersonating its customer service.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-05-12-enercoop
- faq.enercoop.frhttps://www.faq.enercoop.fr/hc/fr/articles/35519628613266-Information-incident-de-s%C3%A9curit%C3%A9-11-mai-2026
- frenchbreaches.comhttps://frenchbreaches.com/alertes/enercoop-mp483a8bqjhyqqnz5v8