Skip to content
Data breachOngoing

Leak at ENI

In December 2025, the French operations of Italian energy group ENI suffered a data breach claimed by the Lapsus$ group, exposing professional contact details for tens of thousands of business customers; ENI confirmed the incident and notified the CNIL.

Victim
ENI

On 27 December 2025, ENI — the French arm of the Italian energy major Eni (Eni Gas & Power France) — was hit by a data breach claimed by the Lapsus$ group, which advertised a French customer database on cybercrime channels. The actor posted a sample of roughly a thousand records and claimed to hold 89,463 entries in total. ENI later confirmed it had been the victim of an "unauthorised disclosure" of professional information, with coverage estimating between 40,000 and 50,000 business clients affected.

The exposed records concerned professional/business customers — restaurants, parishes, co-ownerships, cooperatives and companies — rather than the energy group's full retail base. The attack vector was not officially confirmed; the data may have been taken directly from ENI or via a partner.

Data categories reported as exposed:

  • Business/company name and customer reference
  • Contact name (first and last name)
  • Professional email address and phone number
  • Profile type and position/function
  • Last login dates, and in some samples the PDL (14-digit electricity delivery-point identifier)

ENI stated that no account passwords, consumption histories or banking details were compromised. The company filed a complaint with the authorities and notified France's data protection regulator, the CNIL. The main residual risk is highly targeted phishing and fraud — including fraudulent supplier-switching — built on the exposed professional contact and PDL data. The investigation was ongoing at the time of disclosure.

Sources

  1. clubic.comhttps://www.clubic.com/actualite-593956-l-energeticien-eni-confirme-avoir-subi-une-cyberattaque-en-france-des-milliers-de-clients-exposes.html
  2. zataz.comhttps://www.zataz.com/eni-fuite-donnees-pdl-cybersecurite/
  3. generation-nt.comhttps://www.generation-nt.com/actualites/eni-fuite-donnees-cybersecurite-lapsus-phishing-clients-professionnels-2068897
  4. cyberveille.chhttps://cyberveille.ch/posts/2026-01-10-eni-confirme-une-fuite-de-donnees-clients-francais-revendiquee-par-lapsus/

Related incidents

Data breachUnknown

Leak at EDF DPIH

On 28 February 2025, a threat actor claimed to have stolen a database from EDF's hydraulic generation division (DPIH), exposing power-plant intervention and maintenance plans, security inspection results and maintenance staff IDs; EDF and researchers disputed the actor's nuclear claims.

Victim
EDF DPIH
Data breachContained

Leak at E.Leclerc

In January 2025, E.Leclerc's Prime énergie (energy-rebate) platform was hit by fraudulent account access, exposing customers' names, email addresses, login credentials, file numbers, rebate amounts and service descriptions; the breach was disclosed to affected users on 24 January 2025.

Victim
E.Leclerc