American utility firm Itron discloses breach of internal IT network
Itron discloses unauthorized access to internal IT systems in April 2026 cyberattack.
Summary
Utility technology company Itron, Inc. disclosed a cybersecurity incident on April 13, 2026, where an unauthorized third party accessed certain internal systems. The company activated its incident response plan, engaged external advisors, and notified law enforcement; the unauthorized activity has been blocked with no observed follow-up activity. While Itron's critical infrastructure operations (serving 7,700 customers managing 112 million endpoints across electricity, water, and gas networks) experienced no material disruption, the investigation into scope and impact remains ongoing.
Full text
American utility firm Itron discloses breach of internal IT network By Bill Toulas April 26, 2026 10:22 AM 0 Utility technology company Itron, Inc. has disclosed that an unauthorized third party accessed some of its internal systems during a cyberattack. The company states that it activated its cybersecurity response plan when detecting the activity last month, notified law enforcement authorities, and engaged external advisors to support the investigation and incident containment. “On April 13, 2026, Itron, Inc. was notified that an unauthorized third party had gained access to certain of its systems,” the company says says in an 8-K filing with the U.S. Securities and Exchange Commission (SEC). “The company activated its cybersecurity response plan and launched an investigation with the support of external advisors to assess, mitigate, remediate, and contain the unauthorized activity.” The unauthorized activity has now been blocked, and the company stated that it has observed no follow-up activity. Itron is a Washington-based public company that provides utility technology products and services for energy and water resources management. The company is listed on NASDAQ, employs roughly 5,600 people, and in 2025 reported revenue of $2.4 billion. It serves 7,700 customers in 100 countries and manages 112 million endpoints. Itron’s business is interwoven with critical infrastructure such as electricity grids, water distribution, and gas networks. However, the company noted that in this case, business operations recorded no material disruption, and it does not currently expect any subsequent impact. Also, it expects a significant portion of incident-related costs to be covered by insurance. Itron has also noted that the unauthorized activity did not extend to customers. However, it’s important to note that the investigation into the incident’s scope and impact is still ongoing. No ransomware group has claimed the attack on Itron. BleepingComputer contacted Itron with a request for more details about the attack and will update this post once we hear back. 99% of What Mythos Found Is Still Unpatched. AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop. Claim Your Spot Related Articles: European Gym giant Basic-Fit data breach affects 1 million membersNew Booking.com data breach forces reservation PIN resetsNearly 4,000 US industrial devices exposed to Iranian cyberattacksEurail says December data breach impacts 300,000 individualsHackers steal $3.6 million from crypto ATM giant Bitcoin Depot