A new major cyber attack would have touched France. This time, it is the EDF energy giant that is in the sights of pirates, with more than 6.3 million potentially compromised customer data.
A database containing personal information of more than 6.3 million EDF customers would currently be offered for sale on what experts call the “Amazon of cybercrime”.
A sophisticated attack with potentially devastating consequences
The announcement of this sale appeared this February 3, 2025 even, orchestrated by a cybercriminal known under the pseudonym ” Varun« .
The latter is not his first attempt: he has already stood out for attacks against several French entities, notably E.Leclerc.
The information on display is particularly sensitive and include:
- Personal identification data (name, first name, sex)
- Complete contact details (postal address, landline and mobile telephone, email)
- Specific customer account information (customer reference, file number)
- Details on transactions and services (type of work, amounts of premiums)
- Potentially confidential PDF documents
What makes this attack particularly worrying is the marketing method used. The cybercriminal uses a sales system by ” escrow »(Releasing), he exclusively accepts payments in cryptocurrencies: Bitcoin (BTC), Monero (XMR) or Litecoin (LTC).
The multiplication of these cyber attacks is part of a broader context where piaratages have multiplied, including Free ,. The growing use of artificial intelligence by cybercriminals only increases this threat, an aspect often underestimated in public debate.
Faced with this threat, several protective measures are essential for EDF customers:
- Immediate change of passwords associated with your EDF account
- Activation of double factor authentication (2FA/MFA)
- Use of a secure password manager
- Vigilance in the face of phishing attempts by email or SMS
- Regular surveillance of its accounts and bank statements
It is also important to educate those around him, especially the elderly who can be more vulnerable to the attempts to operate this data.
To go further
Stolen IBAN: What are the risks if your bank details leak online?
