A significant cyber incident has emerged involving the Spanish telecommunications giant Telefónica, as a hacker known as ‘Rey’ claims to have leaked 106 GB of internal data. The hacker is purportedly affiliated with the Hellcat Ransomware group, which has a history of targeting JIRA servers at high-profile organizations. This breach allegedly occurred on May 30, with the hacker stating they had uninterrupted access to Telefónica’s systems for a total of 12 hours before being blocked.
The initial demonstration of the breach involved a 2.6 GB file, which is said to unpack into approximately 20,000 files totaling 5 GB. The leaked data reportedly includes sensitive internal communications, purchase orders, logs, customer records, and employee information. Rey claimed to have exfiltrated 385,311 files containing these details as part of the breach, further asserting that a misconfiguration of JIRA facilitated access.
Despite the serious nature of these allegations, Telefónica has not publicly acknowledged the incident. Telefónica O2 is the company’s brand for its operations in the U.K. and Germany.
The hacker insists that the information being leaked is evidence of a new breach rather than outdated data from previous incidents. They have warned that unless Telefónica complies with their demands, further releases of the stolen data will continue in the coming weeks. The files leaked so far have been shared via various cloud services, though those links have reportedly faced removal due to legal concerns.
This incident highlights an ongoing trend in cybercrime, particularly in the targeting of corporate data repositories, as the Hellcat group has previously claimed responsibility for breaches affecting other companies, including Ascom and Schneider Electric. Analysts suggest that robust measures must be instituted by organizations to secure their data infrastructure and prevent such breaches from occurring in the future.