Telefónica Data Breach: Leak Allegedly Exposed on Hacker Forum

By Leakd.com Authors

January 09, 2025

Telefónica, one of the world's leading telecommunications companies headquartered in Madrid, Spain, has reportedly suffered yet another major data breach. According to post shared on a popular hacker forum, the leaked data includes sensitive information spanning customer details, internal documents, and operational records. Telefónica, provides services including fixed and mobile telephony, broadband internet, and digital television to millions of customers globally.

telefonica leak — Image: Post on a popular hacker forum

The leaked data allegedly includes:

236,493 lines of customer data, a total of 18,039 customers.
469,724 lines of internal ticket records.
Thousands of internal files, spanning formats such as CSV, PPTX, XLSX, DOCX, DOC, PDF, and MSG entities.

Origins of the Leak

The data was reportedly leaked in January 2025 and attributed to a group of threat actors using aliases such as @grep, @dna, @prx, and @Rey. These individuals are linked to the HELLCAT ransomware group, known for targeting major organizations and demanding high-stakes ransoms.

telefonica leak 2 — Image: screenshot of customer data

This is not the first time Telefónica has experienced a significant data security incident. In 2017, the company fell victim to the infamous WannaCry ransomware attack, which disrupted its operations and those of numerous other organizations worldwide. Telefónica was among the most high-profile victims, with the malware spreading rapidly through its network, encrypting files and demanding payment for their release. The breach highlighted weaknesses in their cybersecurity defenses at the time and prompted widespread scrutiny of their infrastructure. This history of vulnerabilities underscores the need for continued investment in robust security measures, particularly as the latest leak demonstrates that threat actors remain intent on exploiting Telefónica's systems.

telefonica leak 3 — Image: Internal documents

Lessons and Preventive Measures

This breach underscores the critical importance of robust cybersecurity measures. Organizations must:

Secure Internal Systems: Regularly audit access controls and secure sensitive operational data.
Monitor Threats: Actively monitor dark web and hacker forums for mentions of their data or vulnerabilities.
Educate Employees: Conduct regular training to prevent phishing and insider threats.

What Should Affected Individuals Do?

If you are a Telefónica customer or employee, consider taking the following steps:

Monitor Financial Accounts: Look for unauthorized transactions or activities.
Be Wary of Phishing: Avoid clicking on suspicious links or providing sensitive information online.
Enable Two-Factor Authentication: Strengthen account security by using multi-factor authentication where available.

This incident serves as a stark reminder of the ever-evolving threats in the digital age and the critical need for vigilance in cybersecurity practices.

As of now, Telefónica has not released an official statement addressing the allegations.