Hackers steal 50,000+ data sets – Tibber data leak: Lawyer says what those affected need to know now

We are currently receiving an increasing number of Tibber customers who are affected by the current data leak at the electricity provider Tibber. Affected customers should always be vigilant and look out for suspicious emails or phishing attempts. It is recommended that you change passwords and contact the appropriate authorities if any unusual activity occurs.

As a lawyer and partner at the Cologne media law firm WBS.LEGAL, Christian Solmecke specializes in advising the Internet and IT industry. In recent years, he has steadily expanded the firm's Internet law/e-commerce area and supports numerous media professionals, Web 2.0 platforms and app developers. In addition to his work as a lawyer, Christian Solmecke is a multiple author and, as the founder of the cloud-based law firm software Legalvisio.de, he is also a successful LegalTech entrepreneur.

Electricity provider Tibber affected by data leak

What happened? The electricity provider Tibber has fallen victim to a hacker attack in which, according to an official announcement, Tibber's data from over 50,000 German customers was stolen. The hackers themselves speak of 243,000 lines of data.

Tibber is a provider of dynamic electricity tariffs that offers its customers in Germany and Northern Europe green electricity at exchange prices. By using smart technologies, customers can optimize their electricity consumption and save costs.

The captured data set is currently being offered on the darknet under the title “Tibber Data Breach – Leaked, Download” in a well-known darknet forum. Among the stolen information is Email addresses, First name, last name, user name, zip code, city, order volume and order status/order day, order amounts as well as also incomplete address details.

However, neither complete addresses, payment or consumption data or passwords were compromised, according to the first official information from Tibbers. The discrepancy between the 243,000 records claimed by the hackers and the 50,000 affected customers claimed by Tibber could be due to multiple mentions or split records. However, there is currently no conclusive information here.

According to Tibber, he immediately initiated an investigation and filed a report with the Berlin police. Affected customers were informed about the data leak on Wednesday morning. Some affected people have contacted us so we can confirm this. Tibber has reported to the data protection authorities and is working with external data protection officers to keep the effects of the attack small. Now it is important to monitor further developments.

Right to information and claim for damages

On the basis of Art. 15 GDPR, users can request information from Tibber as to whether they have been affected by the data leak. If Tibber does not provide any information or provides incomplete information, this may result in a claim for damages in your favor under Art. 82 GDPR result. In addition, in the event of data leaks, other breaches of duty can always come into consideration Claims for damages have as a consequence.

BGH also positions itself clearly

The Facebook data leak is an example of such a claim. The Federal Court of Justice has only just positioned itself clearly in the oral hearing on the Facebook data leak and said: The mere loss of control over personal data is in itself damage under the GDPR!

If the person can demonstrate fears beyond just loss of control, that will only increase the damages. However, it is not a requirement for this. In doing so, the BGH is dismantling the high hurdles that other courts had sometimes set for GDPR damages. There will now finally be legal certainty – not only for those affected by the Facebook data leak, but for practically everyone affected by GDPR violations. Now it will be easier for millions of those affected to obtain non-material damages!