Basel utility IWB: ~40,000 customer records exfiltrated in a breach of a third-party service provider
Industrielle Werke Basel (IWB) — the canton-owned Basel multi-utility supplying electricity, gas, water, district heating and telecom/fibre — disclosed on 15 July 2026 that an external service provider it uses was compromised and roughly 40,000 customer records were exfiltrated from the provider's environment (Netzwoche, 2026-07-15). The stolen data comprises customer names and addresses plus technical smart-meter attributes (meter serial numbers and installation characteristics); IWB states that email addresses, phone numbers, energy-consumption data and billing/payment data were not part of the exposure, so no consumption-pattern inference is possible from what was taken (SwissCybersecurity.net, 2026-07-15). IWB's own IT and OT/grid systems were unaffected and energy/water supply continuity was not disrupted — the compromise is scoped to the provider's systems and the customer-data feed IWB shares with it (Netzwoche, 2026-07-15). The provider detected and notified IWB, which audited access, reviewed logs and pre-emptively restricted its data exchange with the affected provider; the Basel-Stadt cantonal data protection officer assessed the misuse risk as low (Watson.ch, 2026-07-15). No provider name, threat-actor claim or initial-access vector has been disclosed, and no matching leak-site listing was found for Switzerland in-window.
Bei einem Cyberangriff auf einen Dienstleister der Industriellen Werke Basel (IWB) haben Cyberkriminelle rund 40'000 Datensätze von Kundinnen und Kunden des Energieversorgers entwendet.
Die IWB-Systeme blieben unversehrt, wie das Unternehmen mitteilt. Auch die Energieversorgung sei nicht beeinträchtigt gewesen.
ATT&CK mapping
1 technique mapped from the cited reporting · MITRE ATT&CK v19.1
Initial Access TA0001
T1199Trusted Relationship
Adversaries may breach or otherwise leverage organizations who have access to intended victims. Access through trusted third party relationship abuses an existing connection that may not be protected or receives less scrutiny than standard mechanisms of gaining access to a network.
AI-generated · no human review · this permalink is the shareable record for the finding · verify operationally critical claims against the linked primary source.