German electricity provider Tibber hit by cyberattack, at least 50k people affected
Learn More
German electricity provider Tibber reports a cyberattack targeting their online store, which specializes in smart energy hardware sales including the "Pulse" power tracker.
The breach was detected when threat actors, operating under the identifier "888," began offering stolen customer data on a dark web forum on November 11, 2024, listing it as "Tibber Data Breach - Leaked, Download." The incident affected 50,000 German customers, though threat actors claimed to possess 243,000 lines of data.
The company launched an investigation and reported the breach to the Berlin police and engaged both internal and external data security experts to strengthen their security measures.
Tibber clarified that this discrepancy likely resulted from multiple entries or split data records. The compromised information includes:
- Names
- Email addresses
- Usernames
- Order histories
- Order amounts
- Partial address data
- Location data
- Spending patterns
No details are disclosed about the nature of the attack.
Tibber claims that the breach was contained to a subsystem of the Tibber Store and did not affect the company's core electricity provision services and that critical data categories remained secure, including payment information, exact addresses, passwords, birth dates and information from existing electricity contracts.
Tibber notified affected customers on November 13, 2024
