Skip to content

Incidents in sector:

Energy

Credential stuffingOngoing

FortiBleed: leaked dataset exposes VPN credentials for ~74,000 Fortinet firewalls

A dataset dubbed FortiBleed exposed valid Fortinet FortiGate VPN credentials โ€” including plaintext passwords โ€” for 73,932 firewall URLs across 194 countries, the product of a Russian-speaking crew that reused passwords from earlier breaches and infostealer logs rather than any new Fortinet vulnerability.

Victim
Organizations running Fortinet FortiGate firewalls worldwide
Data breachOngoing

Leak at ENI

In December 2025, the French operations of Italian energy group ENI suffered a data breach claimed by the Lapsus$ group, exposing professional contact details for tens of thousands of business customers; ENI confirmed the incident and notified the CNIL.

Victim
ENI
Data breachUnknown

Leak at EDF DPIH

On 28 February 2025, a threat actor claimed to have stolen a database from EDF's hydraulic generation division (DPIH), exposing power-plant intervention and maintenance plans, security inspection results and maintenance staff IDs; EDF and researchers disputed the actor's nuclear claims.

Victim
EDF DPIH
Data breachContained

Leak at E.Leclerc

In January 2025, E.Leclerc's Prime รฉnergie (energy-rebate) platform was hit by fraudulent account access, exposing customers' names, email addresses, login credentials, file numbers, rebate amounts and service descriptions; the breach was disclosed to affected users on 24 January 2025.

Victim
E.Leclerc
RansomwareResolved

RECOPE RansomHub ransomware attack

RansomHub ransomware forced Costa Rica's state oil refiner RECOPE to switch its entire fuel-distribution network to manual operations, triggering the first real-world deployment of the U.S. State Department's FALCON cyber-response program.

Victim
Refinadora Costarricense de Petrรณleo (RECOPE)
Data breachResolved

Tibber data breach (2024)

In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers. The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases.

Victim
Tibber
Records
50.0K
RansomwareContained

Schneider Electric Sustainability Business Cactus ransomware (2024)

Cactus ransomware operators hit Schneider Electric's Sustainability Business division, taking the Resource Advisor consulting platform offline and exfiltrating approximately 1.5 TB of data โ€” including passport scans and signed NDAs from customers like Hilton, PepsiCo, and Walmart.

Victim
Schneider Electric โ€” Sustainability Business division
Data breachResolved

KitchenPal data breach (2023)

In November 2023, the kitchen management application KitchenPal suffered a data breach that exposed 146k lines of data. When contacted about the incident, KitchenPal advised the corpus of data came from a staging environment, although acknowledged it contained a small number of users for debuggingโ€ฆ

Victim
KitchenPal
Records
98.7K
RansomwareResolved

EPM BlackCat ransomware attack

The BlackCat/ALPHV ransomware gang crippled Colombia's largest public utility, Empresas Pรบblicas de Medellรญn, forcing 4,000 staff to work offline and disrupting electricity, water, and gas billing across 123 municipalities.

Victim
Empresas Pรบblicas de Medellรญn (EPM)
Data breachResolved

MyPertamina data breach (2022)

In November 2022, the Indonesian oil and gas company Pertamina suffered a data breach of their MyPertamina service. The incident exposed 44M records with 6M unique email addresses along with names, dates of birth, genders, physical addresses and purchases.

Victim
MyPertamina
Records
6.0M
sabotageunresolved

Iran nationwide fuel-distribution cyberattack

A cyberattack attributed to Predatory Sparrow disabled the system behind Iran's subsidized-fuel cards, knocking out payment at all 4,300 of the country's gas stations and hijacking highway billboards to taunt Supreme Leader Khamenei.

Victim
National Iranian Oil Products Distribution Company (NIOPDC) โ€” fuel-card network
EspionageContained

Ukraine power grid attack โ€” Sandworm BlackEnergy (2015)

The Russia-linked Sandworm group used spear-phishing, BlackEnergy3, and KillDisk to remotely flip breakers at three Ukrainian regional electricity distribution companies, cutting power to approximately 230,000 customers for 1โ€“6 hours. It is the first publicly acknowledged successful cyberattack on an electric power grid in history.

Victim
Ukrainian regional electricity distribution companies (Oblenergos)
WiperContained

Saudi Aramco Shamoon wiper

Iranian-attributed Shamoon wiper destroyed data on roughly 30,000 Saudi Aramco workstations on a single day, taking the world's largest oil company's IT estate offline for two weeks. The first major Iranian retaliatory cyber operation.

Victim
Saudi Aramco
Loss
$200.0M
WiperResolved

Stuxnet (Operation Olympic Games)

U.S. and Israeli intelligence services jointly developed and deployed Stuxnet โ€” the first widely-known cyber weapon to cause physical damage. The worm targeted Iran's Natanz uranium enrichment facility and destroyed approximately 1,000 IR-1 centrifuges over 2009โ€“2010.

Victim
Natanz uranium enrichment facility (Iran)
Loss
$100.0M