Itron Detects Unauthorized Access on Internal Systems, Confirms Customer-Hosted Assets Unaffected

Itron, a U.S. provider of smart meters, grid analytics and water‑management technology, employs roughly 4,987 people and posted about $2.37 billion in revenue for 2025. Its products are embedded in critical energy and water infrastructure, making any breach a potential risk to essential services.

- On April 13, 2026, Itron received notification that an unauthorized third party had accessed certain internal systems. - The company activated its incident response plan, engaged external cybersecurity experts, and notified law enforcement. - No unauthorized activity was observed in the customer‑hosted portion of its systems, which host utility‑grade applications. - Itron states that operations continue largely unaffected thanks to contingency plans and backups, and expects insurance to cover much of the incident’s cost. - The specific attack vector, exploited vulnerability, or threat actor has not been publicly disclosed; no ransomware group has claimed responsibility.

For defenders, the incident underscores the importance of segmenting corporate IT from operational technology environments. Even when attackers penetrate internal networks, proper isolation can prevent them from reaching systems that directly control critical infrastructure.