What Happened
On March 5, 2026, Eni’s domain eni.com was reported as breached, with BreachSense attributing the incident to Lapsus$ and listing the leak size as unknown. Other 2026 reporting around Eni’s French operations describes an alleged database leak containing about 89,000 records of B2B customer/account data—including names, email addresses, company names, customer references, account status, login timestamps, and related profile information—though researchers noted duplicates may mean the true count was lower. The exposed data appears aimed at business accounts rather than consumer energy customers, and while no payment-card data was reported in the sample, the information could support phishing and social-engineering attacks against affected organizations.
