Movistar Peru Customer Data Allegedly Leaked in 4 Million-Record Breach
A threat actor has claimed to possess a database containing approximately 4 million records tied to Movistar Business Portal in Peru, posting details on a dark web forum. The leaked data, if authentic, includes customers’ full names, mobile numbers, identity documents, birth dates, and technical details of their telecommunications plans.
While the legitimacy of the breach remains unconfirmed, security experts warn that such information could fuel spam campaigns, phishing attacks, and phone scams, particularly if attackers impersonate Movistar’s technical support to extract passwords or financial data. The exposed details also heighten the risk of SIM swapping, where cybercriminals use stolen identity documents and phone numbers to duplicate SIM cards and hijack bank accounts.
The incident involves Movistar Peru, which was sold by Telefónica Hispanoamérica S.A. to Argentine firm Integra Tec for €900,000 in 2023. The sale was part of Telefónica’s broader divestment strategy in Latin America, following financial losses in Peru and other regional markets, including Uruguay, Ecuador, and Argentina. The company has since signaled plans to exit additional Latin American operations, including Colombia, Chile, and Mexico.
Telefónica Hispanoamérica S.A. TPRM report: https://www.rankiteo.com/company/movistar-telefonica-hispam
Movistar Peru TPRM report: https://www.rankiteo.com/company/movistar-perú
"id": "movmov1777552293",
"linkid": "movistar-perú, movistar-telefonica-hispam",
"type": "Breach",
"date": "4/2026",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': '4 million',
'industry': 'Telecommunications',
'location': 'Peru',
'name': 'Movistar Peru',
'type': 'Telecommunications Company'}],
'data_breach': {'number_of_records_exposed': '4 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (Personally Identifiable '
'Information)',
'type_of_data_compromised': ['Full names',
'Mobile numbers',
'Identity documents',
'Birth dates',
'Technical details of '
'telecommunications plans']},
'description': 'A threat actor has claimed to possess a database containing '
'approximately 4 million records tied to Movistar Business '
'Portal in Peru, posting details on a dark web forum. The '
'leaked data includes customers’ full names, mobile numbers, '
'identity documents, birth dates, and technical details of '
'their telecommunications plans. The incident could fuel spam '
'campaigns, phishing attacks, phone scams, and SIM swapping '
'risks.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data exposure',
'data_compromised': '4 million records',
'identity_theft_risk': 'High (SIM swapping, phishing, and '
'impersonation risks)',
'systems_affected': 'Movistar Business Portal (Peru)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Allegedly posted on a '
'dark web forum'},
'investigation_status': 'Unconfirmed',
'references': [{'source': 'Dark web forum post'}],
'title': 'Movistar Peru Customer Data Allegedly Leaked in 4 Million-Record '
'Breach',
'type': 'Data Breach'}