May 26, 2025

Massive European Power Grid Failure Calls for Critical Infrastructure Cybersecurity

On April 28, 2025, a massive power outage struck Spain, Portugal, and parts of France, disrupting life across the Iberian Peninsula. The blackout began at 12:33 CEST and led to the sudden loss of 15 gigawatts of electricity, causing cascading failures across interconnected grids. While power was restored to most areas within 10 hours, some regions remained down for nearly 22 hours, with full recovery in Spain by 11:00 CEST on April 29. Portugal’s grid was also stabilized by early the next day using hydropower, gas turbines, and emergency imports from Morocco and France.

Even though initial logs led Red Eléctrica and REN to dismiss the likelihood of a power grid cyberattack, one must question how conclusive such findings truly are. Digital manipulation knows few limits, and skepticism remains warranted. Cybersecurity for power grids has never been more crucial.

Why Critical Infrastructure Cybersecurity Can’t Be Ignored

Experts believe that even if this incident wasn’t an attack, it speaks volumes about the rising cyber threats to infrastructure. Modern grids rely heavily on digitized systems, making them more vulnerable to hackers. A single point of failure, whether from malware or manipulated data, can trigger nationwide outages.

And it’s not just critical infrastructure at risk. In May 2025, Coinbase Global, the leading American cryptocurrency exchange, experienced a massive insider-assisted data breach involving over 69,000 customers. A few overseas support agents were bribed to share sensitive internal data, which included personal identifiers, ID images, and account balances. While passwords and private keys remained safe, the leaked data exposed users to serious phishing threats, impersonation scams, and even potential physical safety risks. The hackers even demanded a $20 million ransom.

This breach wasn’t caused by malware, but by insiders. It signifies how trusted access can be exploited to devastating effect. If it can happen in a highly regulated, security-aware environment like a cryptocurrency exchange, the energy sector must ask: are we truly prepared for a similar breach?

Historic Power Grid Cyber Attacks: A Warning from Ukraine

This isn't a distant fear. In Ukraine, on December 23, 2015, hackers used malware known as BlackEnergy 3 to take control of SCADA (Supervisory Control and Data Acquisition) systems, cutting power to over 230,000 people. That attack, attributed to the Russian group “Sandworm”, was the first confirmed cyberattack on a power grid, and it changed how the world views SCADA system security and preventing cyberattacks on national infrastructure.

These attacks typically begin with phishing or infected files, giving attackers access to corporate networks. From there, they move into operational technology systems, where they can disable substations, disrupt communications, and destroy recovery tools.

Insider Threats are Silent Saboteurs

Cyberattacks don’t always begin with external breaches. The Coinbase data breach is a perfect case study. The attackers didn’t need malware or network infiltration. Instead, they bribed support staff who had legitimate access to internal systems. Over months, they quietly siphoned off sensitive information that could fuel identity theft, scams, and extortion.

This same scenario, applied to critical infrastructure, could result in manipulated control systems, delayed incident detection, or even a denial of recovery. It’s a sobering reminder that securing critical infrastructure isn’t just about firewalls and malware detection; it’s about controlling access, encrypting data, and monitoring human behavior.

How Encryption is a Key Strategy for Preventing Power Grid Cyber Attacks

To combat such threats, encryption for businesses is crucial. It ensures that sensitive data and system commands remain secure, even if networks are compromised. Encryption blocks unauthorized access and tampering, forming a critical layer of defense. It also verifies the authenticity of control messages, preventing hackers from injecting malicious commands. Additionally, encrypted file security, logs, and backups help ensure systems can be safely restored without further compromise.
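The authenticity check described above comes from a message authentication code or an authenticated-encryption mode, not from encryption on its own. The following is an added example, not part of the original post, showing a receiver that accepts a control command only when its HMAC-SHA256 tag verifies and its sequence number is new. The frame layout, command strings and key are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def seal(key: bytes, seq: int, command: bytes) -> bytes:
    """Sender: 64-bit sequence number + command, followed by an HMAC tag."""
    body = struct.pack(">Q", seq) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Controller side: rejects forged, modified and replayed frames."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return None  # too short to hold a sequence number and a tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return None  # wrong key, or frame changed in transit
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.last_seq:
            return None  # an earlier valid frame sent again
        self.last_seq = seq
        return body[8:]


def demo():
    key = bytes(range(32))  # constructed demo key; real keys live in a key store
    rx = Receiver(key)
    good = seal(key, 1, b"BREAKER_7:CLOSE")  # constructed command string
    # Same frame with the command text altered but the original tag kept.
    tampered = good[:8] + b"BREAKER_7:OPEN_" + good[-TAG_LEN:]
    return {
        "valid": rx.accept(good),
        "tampered": rx.accept(tampered),
        "replayed": rx.accept(good),
        "wrong_key": rx.accept(seal(b"\x00" * 32, 2, b"BREAKER_7:OPEN")),
        "next": rx.accept(seal(key, 2, b"BREAKER_7:OPEN")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} -> {result}")
```

This sketch covers integrity and replay only; keeping the command contents confidential as well calls for an authenticated-encryption mode such as AES-GCM.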

For organizations in the energy sector, investing in cybersecurity solutions and strong business data protection measures is no longer optional; it is essential.
