Utility technology company Itron, Inc. has disclosed that an unauthorized third party accessed some of its internal systems during a cyberattack.
The company states that it activated its cybersecurity response plan when detecting the activity last month, notified law enforcement authorities, and engaged external advisors to support the investigation and incident containment.
“On April 13, 2026, Itron, Inc. was notified that an unauthorized third party had gained access to certain of its systems,” the company says says in an 8-K filing with the U.S. Securities and Exchange Commission (SEC).
“The company activated its cybersecurity response plan and launched an investigation with the support of external advisors to assess, mitigate, remediate, and contain the unauthorized activity.”
The unauthorized activity has now been blocked, and the company stated that it has observed no follow-up activity.
Itron is a Washington-based public company that provides utility technology products and services for energy and water resources management.
The company is listed on NASDAQ, employs roughly 5,600 people, and in 2025 reported revenue of $2.4 billion. It serves 7,700 customers in 100 countries and manages 112 million endpoints.
Itron’s business is interwoven with critical infrastructure such as electricity grids, water distribution, and gas networks.
However, the company noted that in this case, business operations recorded no material disruption, and it does not currently expect any subsequent impact. Also, it expects a significant portion of incident-related costs to be covered by insurance.
Itron has also noted that the unauthorized activity did not extend to customers. However, it’s important to note that the investigation into the incident’s scope and impact is still ongoing.
No ransomware group has claimed the attack on Itron. BleepingComputer contacted Itron with a request for more details about the attack and will update this post once we hear back.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
