After a cyber attack on a subsidiary of the energy supplier Entega, criminals published masses of customer data on the dark web.

Entega AG, to which the subsidiary Count and Care affected by the cyber attack belongs, said on Wednesday that it was primarily names, addresses and consumption data, but in some cases also bank details.

Personal data of employees and business partners were also put on the dark web.

It was initially unclear how many people were affected by the criminal publication of the data.

An Entega spokesman said the majority of customers could be affected, but to varying degrees.

The investigation into the stolen data is still ongoing.

According to Entega's annual report, the number of customer contracts at the end of 2021 was almost 700,000.

According to the company's initial findings, bank details such as the IBAN number were published in significantly less than ten percent of the cases.

Affected customers would be informed separately by letter, explained Entega.

You should regularly check your accounts and possibly change the passwords used for online banking.

Since transfers have to be approved in two ways (two-factor authentication), the risk of unauthorized transfers is low.

According to the energy supplier, all passwords in the customer portals have been reset to prevent unauthorized access.

Entega also set up a free hotline and the website https://www.entega.de/hackerattack to provide information about the consequences of the cyber attack.

The Darknet is a network within the Internet that can only be accessed with special software and is intended to offer extensive anonymity.

It is used, for example, by activists in authoritarian countries - but also by criminals for illegal business.

According to dpa information, the investigators are now assuming that a Russian group is behind the cyber attack.

The Frankfurt Public Prosecutor's Office is leading the investigation.

The attack was directed against the IT service provider Count and Care in mid-June.

In addition to Entega, this also restricted the IT systems of the Frankfurt Waste Management and Service Group (FES), as well as the Darmstadt transport company Heag and the Mainz municipal works, including local transport companies.

According to Heag, the company's customer data has now also been published on the dark web, but subscription customers are not affected.

For example, the company's customer portals were no longer accessible for a long period of time, and employees could no longer access their email accounts.

The damage has since been largely repaired.

Gas, electricity, water and district heating networks operated by Entega were not affected by the cyber attack.

"There was no risk of power, water, gas or heat failures," said a spokesman.

It was previously known that the criminals were using so-called ransomware, a type of malware.

With such a program, computers can be encrypted, thereby restricting or even completely preventing access to data and systems.

The attackers demand a ransom for the decryption.