ctipilot.ch

Industrielle Werke Basel (IWB) third-party service-provider data breach (July 2026)

incident · incident:iwb-basel-service-provider-breach-2026-07

Disclosed 2026-07-15: an external service provider to Basel's canton-owned energy/water/telecom utility Industrielle Werke Basel was compromised, exposing ~40,000 customer records (names, addresses, smart-meter numbers and installation attributes); IWB's own IT/OT systems and supply were unaffected and the Basel-Stadt data protection officer assessed misuse risk as low. No provider name, actor or initial-access vector disclosed (Netzwoche, SwissCybersecurity.net, Watson.ch).

Aliases: IWB Kundendaten Datenleck 2026, Industrielle Werke Basel data breach

Coverage timeline
1
first 2026-07-16 → last 2026-07-16
Peak priority
notable
1 notable
Sources cited
3
3 hosts
Sections touched
1
active-threats
Co-occurring entities
0
no co-occurrence
ATT&CK techniques
1
pinned v19.1 · see below

Hunting pivots

ATT&CK techniques

ATT&CK techniques

1 technique observed across 1 entry — derived from entry metadata and body evidence, never asserted without a published entry behind it · pinned to MITRE ATT&CK v19.1 · compare on the matrix · Navigator layer (JSON)

Initial Access TA0001

T1199Trusted Relationship×1

Adversaries may breach or otherwise leverage organizations who have access to intended victims. Access through trusted third party relationship abuses an existing connection that may not be protected or receives less scrutiny than standard mechanisms of gaining access to a network.

Evidence: 2026-07-16/iwb-basel-third-party-provider-breach-40k-customer-records · ATT&CK page ↗

Story timeline

  1. 2026-07-16Basel utility IWB: ~40,000 customer records exfiltrated in a breach of a third-party service provider
    active-threatsSwiss municipal energy/water/telecom utility IWB discloses a third-party-provider breach exposing ~40,000 customer meter records

Where this entity is cited

  • active-threats1

Source distribution

  • netzwoche.ch1 (33%)
  • swisscybersecurity.net1 (33%)
  • watson.ch1 (33%)

explore in graph

Entries about Industrielle Werke Basel (IWB) third-party service-provider data breach (July 2026) (1)

2026-07-16 · view entry permalink →

NOTABLENATOB2

Basel utility IWB: ~40,000 customer records exfiltrated in a breach of a third-party service provider

Industrielle Werke Basel (IWB) — the canton-owned Basel multi-utility supplying electricity, gas, water, district heating and telecom/fibre — disclosed on 15 July 2026 that an external service provider it uses was compromised and roughly 40,000 customer records were exfiltrated from the provider's environment (Netzwoche, 2026-07-15). The stolen data comprises customer names and addresses plus technical smart-meter attributes (meter serial numbers and installation characteristics); IWB states that email addresses, phone numbers, energy-consumption data and billing/payment data were not part of the exposure, so no consumption-pattern inference is possible from what was taken (SwissCybersecurity.net, 2026-07-15). IWB's own IT and OT/grid systems were unaffected and energy/water supply continuity was not disrupted — the compromise is scoped to the provider's systems and the customer-data feed IWB shares with it (Netzwoche, 2026-07-15). The provider detected and notified IWB, which audited access, reviewed logs and pre-emptively restricted its data exchange with the affected provider; the Basel-Stadt cantonal data protection officer assessed the misuse risk as low (Watson.ch, 2026-07-15). No provider name, threat-actor claim or initial-access vector has been disclosed, and no matching leak-site listing was found for Switzerland in-window.

Bei einem Cyberangriff auf einen Dienstleister der Industriellen Werke Basel (IWB) haben Cyberkriminelle rund 40'000 Datensätze von Kundinnen und Kunden des Energieversorgers entwendet.

Die IWB-Systeme blieben unversehrt, wie das Unternehmen mitteilt. Auch die Energieversorgung sei nicht beeinträchtigt gewesen.

Netzwoche 2026-07-15
incident16 Jul 04:38Zmulti-sourceOpen finding ↗