Spanish telecommunications giant Telefonica has confirmed a significant breach of its internal systems, with attackers claiming to have stolen approximately 2.3 GB of sensitive data.
The breach, which targeted the company’s Jira ticketing system, has exposed critical internal and customer-related information.
Four individuals using the aliases DNA, Grep, Pryx, and Rey carried out the attack. The group reportedly accessed Telefonica’s systems on January 9, 2025, using compromised employee credentials obtained through infostealer malware.
Cybersecurity firm Hudson Rock revealed that over 15 employees were initially compromised, with attackers employing sophisticated social engineering techniques to expand their access.
Notably, two employees with administrative privileges were targeted to facilitate brute-forcing SSH access to critical servers.
The leaked data includes:
- 236,493 lines of customer data, potentially exposing sensitive customer information.
- 469,724 lines of internal ticketing data, revealing operational workflows and potential vulnerabilities.
- Over 5,000 internal documents, including PDFs, Word files, and PowerPoint presentations, likely containing confidential strategic plans and communications.
The breach has also exposed the emails and names of 24,000 Telefonica employees and summaries of 500,000 Jira issues.
Experts warn that such details could be exploited for further phishing attacks or to map out vulnerabilities within Telefonica’s infrastructure.
Telefonica acknowledged the breach in a statement: “We have become aware of unauthorized access to an internal ticketing system. We are investigating the extent of the incident and have taken steps to block any unauthorized access.”
Password resets and other containment measures were implemented promptly.
The attackers are linked to the Hellcat ransomware group, which has been involved in other high-profile breaches. However, no extortion attempt was made; the data was leaked directly online.
This incident underscores growing cybersecurity challenges in the telecommunications sector. Analysts highlight weak password policies and widespread infostealer infections as contributing factors. In 2024 alone, over 500 Telefonica employee computers were reportedly infected by infostealers.
The breach serves as a stark reminder for organizations to strengthen endpoint security, enforce robust credential management policies, and educate employees on recognizing social engineering tactics.