Itron Discloses Unauthorized Access to Corporate Systems; Customer Platforms Remain Unaffected

Itron, Inc. (NASDAQ: ITRI) officially disclosed a cybersecurity incident today, April 24, 2026, following the discovery of unauthorized activity within its internal corporate information technology environment. The breach, which was first identified by the company’s security operations center on April 13, 2026, prompted the immediate activation of Itron’s cybersecurity response plan. In a formal statement released this morning, the Liberty Lake, Washington-based company confirmed that an unauthorized third party gained access to certain corporate systems, leading to the temporary isolation of affected network segments.

Upon detection of the intrusion, Itron engaged leading external cybersecurity forensic experts to assist in a comprehensive investigation and remediation effort. The company also notified federal law enforcement agencies and is coordinating with them to identify the source and methodology of the attack. Technical analysis conducted over the last eleven days indicates that the unauthorized access was limited to the company’s internal administrative networks. Itron has implemented a series of containment measures, which included taking specific business applications and internal servers offline to prevent further lateral movement by the threat actor.

A primary focus of the disclosure was the status of Itron’s customer-facing infrastructure. The company stated that, as of April 24, there is no evidence that the unauthorized activity extended to its customer-hosted systems or managed services environments. This includes the Itron Riva edge intelligence platform and the company’s various Advanced Metering Infrastructure (AMI) solutions. These systems, which are critical for utility operations and grid management, continue to operate without reported disruption. Itron’s software-as-a-service (SaaS) platforms and data collection services remain secure, and the company has not observed any compromise of customer data or utility network integrity.

While the investigation into the scope of the data accessed within the corporate environment is ongoing, Itron has begun the process of restoring affected internal systems from secure backups. The company has also enforced a global password reset for all employees and contractors and deployed additional endpoint detection and response (EDR) tools across its corporate fleet. Itron’s internal IT teams are currently conducting a phased restoration of enterprise resource planning (ERP) systems and internal communication channels that were deactivated during the initial response.

Itron provides energy, water, and smart city solutions to more than 8,000 customers in over 100 countries. With an installed base of nearly 200 million modules and sensors, the security of its infrastructure is a critical component of global utility operations. The company has committed to providing further technical updates as the forensic investigation yields more specific information regarding the duration of the unauthorized access and the specific nature of the systems impacted.