The Spanish telecommunications giant Telefónica has confirmed a breach of its internal ticketing system following the publication of stolen data on a hacker forum. As the largest telecom operator in Spain, operating under the Movistar brand, the company is actively investigating the incident.
According to Telefónica, the breach involved unauthorized access to its Jira system, a platform used for managing internal tasks and incidents. The attack was executed using compromised employee credentials. In response, the company has implemented a password reset and restricted access to the system to prevent further leaks.
The hackers responsible for the attack claim to have stolen approximately 2.3 GB of data, including documents, tickets, and other sensitive information. While some of the data is reportedly linked to customers, the tickets were allegedly submitted by employees using corporate email addresses ending in “@telefonica.com.” One participant in the attack stated that there were no attempts to blackmail or contact the company.
The breach came to light after Telefónica’s Jira database was uploaded to a hacker forum. Among the attackers, using aliases such as DNA, Grep, Pryx, and Rey, three are linked to the recently emerged Hellcat Ransomware group. This group was previously responsible for breaching the Jira server of Schneider Electric, stealing 40 GB of data.
