tibber.com
Nov 1, 2024
In November 2024, the Norwegian electricity provider Tibber was breached by threat actor @888. Over 50,000 German customers were exposed, with data including full names, email addresses, geographic locations (city, postal code), order history, and spend amounts. The data was sourced from Tibber's online store and contained approximately 126,160 lines of records with 50,003 unique email addresses. The breach was reported by German media outlets including Heise and PV Magazine.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
Tibber__Info.txt5 columns10 rows
File structure
Format: CSV·Delimiter: comma·Has header: yes·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | fullName | high | [0] header 'Name', values are full German names (e.g., 'Marcel Dennhardt', 'Bettina Kallenberg') |
| 4 | high | [4] header 'E-Mail', values are email addresses with @ signs (e.g., [email protected]) | |
| 9 | city | high | [9] header 'Stadt' (German for 'city'), values are German city names (e.g., 'Schöningen', 'Pinneberg', 'Hamburg') |
| 10 | state | high | [10] header 'Region' (German administrative region), values are German state/region codes or names |
| 11 | zip | high | [11] header 'Postal Code', values are 5-digit German postal codes (e.g., 38364, 25421, 53332) |
Notes: Tibber 2024 breach: German electricity provider. File contains 50,003 unique customer records with names, emails, and geographic locations. Columns 1 (Benutzername/username—all empty), 2-3 (timestamps), 5-8 (transaction/financial data) are non-PII. Country column [8] is 'DE' for all rows (skip: constant value, not PII). Total of 5 PII columns identified.
Tibber__data__de-customers-1.csv5 columns41,126 rows
File structure
Format: CSV·Delimiter: comma·Has header: yes·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | fullName | high | [0] header 'Name', values are complete person names (e.g., 'Marcel Dennhardt', 'Bettina Kallenberg') |
| 4 | high | [4] header 'E-Mail', values are valid email addresses with @ symbols (e.g., '[email protected]') | |
| 8 | country | high | [8] header 'Country / Region', values are ISO country codes ('DE') |
| 9 | city | high | [9] header 'Stadt' (German for 'city'), values are German city names (e.g., 'Schöningen', 'Hamburg', 'Berlin') |
| 11 | zip | high | [11] header 'Postal Code', values are 5-digit German postal codes (e.g., '38364', '25421') |
Notes: Tibber 2024 breach — German customer records. Columns [1] 'Benutzername' (username) is empty in samples and excluded. Columns [2] 'Last Active' and [3] 'Sign Up' are timestamps (skip). Columns [5] 'Bestellungen' (order count) and [6] 'Total Spend' and [7] 'AOV' are financial/transactional data (skip). Column [10] 'Region' is empty in samples (skip). 5 PII columns identified: fullName, email, country, city, zip.
Tibber__data__de-customers-2.csv5 columns50,026 rows
File structure
Format: CSV·Delimiter: comma·Has header: yes·Quote: "
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| 0 | fullName | high | [0] header 'Name', values are complete German names (first + last) |
| 4 | high | [4] header 'E-Mail', values contain @ and are valid email addresses | |
| 8 | country | high | [8] header 'Country / Region', values are 'DE' (country code) |
| 9 | city | high | [9] header 'Stadt' (German for 'city'), values are German city names |
| 11 | zip | high | [11] header 'Postal Code', values are 5-digit German postal codes |
Notes: 12 columns total, 5 contain PII. Columns 1, 2, 3, 5, 6, 7, 10 are skipped (username empty/non-standard, timestamps, transaction counts/amounts, AOV, and empty Region column). Tibber breach context confirms German customer data with name, email, city, postal code, and order history.