American energy technology company Itron has confirmed it was hit by a cyberattack in mid-April 2026, with hackers gaining access to some of its internal systems before being expelled.
Itron disclosed the breach in a legally required filing with the U.S. Securities and Exchange Commission late on Friday. The company said it was “notified” that an intruder had accessed its systems, though it did not identify who provided that notification. Itron said it has since seen no signs of further intrusions and has also notified law enforcement.
The Liberty Lake, Washington-based company did not specify the nature of the attack — including whether ransomware was involved or whether hackers made direct contact. Itron said it found no unauthorized activity in the “customer-hosted portion of its systems,” suggesting the breach may be limited to its own IT network.
Itron provides internet-connected utility meters and energy management technology — covering water, gas, and electricity — to more than 110 million homes and businesses. Its customers include cities and municipalities, and it operates in over 100 countries.
The company said it activated contingency plans and data backups, and that operations have “continued in all material respects.” However, Itron warned it may need to file additional regulatory notifications, which may indicate a data breach occurred and could trigger obligations under state data breach notification laws.
Given the scale of Itron’s reach across critical utility infrastructure, the incident may carry broader implications for the cities, municipalities, and businesses that rely on its systems. A spokesperson for Itron did not respond to a request for comment at the time of reporting.
Source: TechCrunch