Vattenfall has been hit by a data breach at a supplier in the Netherlands. A total of 30,000 Dutch customers have been affected, with data such as names, e-mail addresses, physical addresses, telephone numbers, partially shielded bank account numbers and dates of birth being captured. The source of the data leak lies with an external party of Vattenfall, who managed a digital archive with letters from the energy supplier to its customers. An employee of this company has stolen the data, though it is unclear whether they had contact with criminals.
Vattenfall has reported the incident to the Dutch Data Protection Authority and informed the affected customers. Access to the digital archive of letters has been restricted and the process of hiring new employees is being scrutinized by the third party.
This data breach follows an incident in October 2022, in which a hired external employee photographed customer data and tried to share it with third parties. Vattenfall is now analyzing its customer systems more intensively in response.