TotalEnergies investigates alleged data breach after hackers post customer records online

TotalEnergies is assessing claims of a large-scale data breach after a hacking group alleged it obtained a database containing nearly 184 million records and began posting purported customer information publicly on the social media platform X. The company has not confirmed a breach.

The claims surfaced on a cybercrime forum commonly used to advertise and trade stolen data, where the attackers announced what they described as an extensive cache of customer records tied to TotalEnergies. The group later published screenshots and sample records on X that appear to display personal customer information. The authenticity of the data has not been verified.

The attackers assert that the exposed information includes email addresses, client identification numbers, bank account numbers, home addresses, phone numbers and other personal details. The material shared publicly suggests the records may originate from TotalEnergies’ French customer portal used for energy utility registrations. If verified, such exposure could heighten risks of identity theft, phishing and financial fraud for affected individuals.

TotalEnergies is one of the world’s largest energy producers, operating across oil, gas, electricity and renewable energy markets. The Paris-based company reported revenue approaching $200 billion, placing it among the industry’s largest global players. The company has been contacted for comment and has not yet issued a public statement addressing the claims.

The hacking group, identifying itself as HawkSec, has actively promoted the alleged data in recent days. Its activity drew warnings from administrators of the data leak forum for failing to comply with forum rules, a pattern that may indicate urgency to sell the material or limited experience handling large data leaks.

HawkSec has also claimed responsibility for other recent intrusions involving major brands, including assertions of obtaining tens of millions of records from Discord and more than one million records linked to Orange Rwanda. Neither organization has confirmed a data breach.

As of now, the legitimacy and scope of the alleged TotalEnergies data exposure remain unconfirmed. The situation continues to evolve as the company evaluates the claims and the material circulating online.