News Flash

Dolomiti Energia and Sorgenia hacked: customer data stolen in cyberattack

When the lights go out on digital security

Data stolen in cyberattack

31 October 2025

Table of contents

  • How the Dolomiti Energia and Sorgenia breach happened
  • How it happened and which data was compromised
  • What risks do customers face
  • How to protect yourself now
  • The bigger picture: when energy meets cyber security

How the Dolomiti Energia and Sorgenia breach happened

Two of Italy’s leading energy providers Dolomiti Energia and Sorgenia suffered a cyberattack on September 13, 2025.

The hackers stole personal and identification data from some customers, but the companies only informed users nearly a month later, on October 7.

Dolomiti explained that the breach occurred through an IT service provider: unauthorized access allowed the theft of documents related to supply contracts, including financial data.

Sorgenia confirmed a similar intrusion, also via an external provider, affecting customers under the “gradual protection” electricity plan.

How it happened and which data was compromised

According to initial investigations, the attackers accessed contract files, obtaining information such as full names, addresses, tax codes, and, in some cases, economic details linked to energy contracts.

Some of this data has already appeared on the dark web, raising the risk of identity theft and online fraud.

What risks do customers face

Experts warn that the compromised data could be used for online scams such as phishing (via email) or smishing (via SMS).

In both cases, the fraudster tries to convince the victim to provide sensitive information, click on fraudulent links, or enter passwords and banking credentials.

Anyone who has received communication from the companies should pay close attention to any suspicious messages: never respond to requests for data or payments, even if they appear to come from Dolomiti or Sorgenia.

How to protect yourself now

  • Change your password immediately for your Dolomiti Energia and Sorgenia online accounts.
  • Verify messages by contacting the company through their official websites.
  • Monitor your bank account regularly and report any unusual transactions right away.
  • If in doubt, contact the Data Protection Officers directly:
    • Dolomiti Energia → info.privacy@cert.dolomitienergia.it
    • Sorgenia → customers.privacy@sorgenia.it

Both companies stated they have taken immediate action to contain the attack, notify the Italian Data Protection Authority, and strengthen their cyber security measures.

The bigger picture: when energy meets cyber security

The breach highlights how even traditionally stable sectors like energy supply are vulnerable to cyber threats.

For consumers, the only defense is digital vigilance: learning to recognize scams, updating passwords, and protecting personal data.

2
To top