Leak at ENI
In December 2025, the French operations of Italian energy group ENI suffered a data breach claimed by the Lapsus$ group, exposing professional contact details for tens of thousands of business customers; ENI confirmed the incident and notified the CNIL.
- Victim
- ENI
On 27 December 2025, ENI — the French arm of the Italian energy major Eni (Eni Gas & Power France) — was hit by a data breach claimed by the Lapsus$ group, which advertised a French customer database on cybercrime channels. The actor posted a sample of roughly a thousand records and claimed to hold 89,463 entries in total. ENI later confirmed it had been the victim of an "unauthorised disclosure" of professional information, with coverage estimating between 40,000 and 50,000 business clients affected.
The exposed records concerned professional/business customers — restaurants, parishes, co-ownerships, cooperatives and companies — rather than the energy group's full retail base. The attack vector was not officially confirmed; the data may have been taken directly from ENI or via a partner.
Data categories reported as exposed:
- Business/company name and customer reference
- Contact name (first and last name)
- Professional email address and phone number
- Profile type and position/function
- Last login dates, and in some samples the PDL (14-digit electricity delivery-point identifier)
ENI stated that no account passwords, consumption histories or banking details were compromised. The company filed a complaint with the authorities and notified France's data protection regulator, the CNIL. The main residual risk is highly targeted phishing and fraud — including fraudulent supplier-switching — built on the exposed professional contact and PDL data. The investigation was ongoing at the time of disclosure.
Sources
- clubic.comhttps://www.clubic.com/actualite-593956-l-energeticien-eni-confirme-avoir-subi-une-cyberattaque-en-france-des-milliers-de-clients-exposes.html
- zataz.comhttps://www.zataz.com/eni-fuite-donnees-pdl-cybersecurite/
- generation-nt.comhttps://www.generation-nt.com/actualites/eni-fuite-donnees-cybersecurite-lapsus-phishing-clients-professionnels-2068897
- cyberveille.chhttps://cyberveille.ch/posts/2026-01-10-eni-confirme-une-fuite-de-donnees-clients-francais-revendiquee-par-lapsus/