ZeroFox Intelligence Flash Report - Spanish Energy Company Breached

by Alpha Team

Product Serial: F-2026-01-12a

TLP:CLEAR

In this Flash report, ZeroFox researchers focus on recent advertisements, posted on multiple dark web forums, of data related to the recent breach of the Spanish energy company Endesa.

Standing Intelligence Requirements

For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:

https://cloud.zerofox.com/intelligence/advisories/14956

Key Findings

  • On January 4, 2026, actor “spain” announced on the dark web forum BreachForums that they had breached Endesa, a Spanish energy company. On January 5, 2026, actor “glock” posted the same advertisement on the dark web forum DarkForums. ZeroFox assesses it is almost certain these personas are being operated by the same threat actor.
  • According to spain/glock, the sales post was approved by both forums’ moderation teams, and the data was verified, likely lending significant credibility to the post.
  • Endesa confirmed in a statement that a threat actor gained unauthorized and illegitimate access to its systems and extracted sensitive personally identifiable information (PII).
  • It is almost certain that the advertisements on the dark web forums will attract significant attention from potential buyers, especially considering that Endesa has confirmed the breach.

Tags: tlp:clear dark web data breach