Cybercriminal Dedale Targets BarcelonaTelefónica, Leaks 1M Peruvian Customer Records
BarcelonaTelefónica is probing a cyberattack by the threat actor Dedale, who claims to have accessed 22 million customer records—though the breach appears limited in scope. As proof, the attacker leaked a database containing one million records, primarily affecting users in Peru.
The compromised data includes multiple entries per customer (e.g., names, ID numbers, addresses), meaning the incident does not equate to 22 million unique individuals being exposed. Telefónica confirmed that Spanish customers remain unaffected, as the breach is tied to its former Peruvian subsidiary.
The attack surfaced after HackManac disclosed details on X (formerly Twitter). Notably, Dedale is demanding a $1,500 ransom—a fraction of typical extortion demands—raising questions about the attacker’s motives. The breach coincides with Telefónica’s recent sale of its bankrupt Peruvian operations to Integra Tec International for €900,000, finalized last month. Investigations are ongoing.
Movistar (Telefónica Hispam) cybersecurity rating report: https://www.rankiteo.com/company/movistar-telefonica-hispam
Telefónica cybersecurity rating report: https://www.rankiteo.com/company/telefonica
"id": "MOVTEL1767881948",
"linkid": "movistar-telefonica-hispam, telefonica",
"type": "Breach",
"date": "6/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Users in Peru (up to 22 million '
'records)',
'industry': 'Telecommunications',
'location': 'Peru',
'name': 'Movistar Peru (formerly Telefónica Peru)',
'type': 'Subsidiary'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '1 million records leaked (22 '
'million accessed)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (Personally Identifiable '
'Information)',
'type_of_data_compromised': ['Full name',
'ID number',
'Address']},
'description': 'BarcelonaTelefónica is investigating a cyberattack carried '
'out by cybercriminal Dedale, through which he allegedly '
'gained illicit access to 22 million customer records. The '
'perpetrator has leaked, as evidence, a database with one '
'million records. The leaked database contains data from users '
'in Peru, and the company assures that this attack would not '
'affect customers in Spain.',
'impact': {'data_compromised': '22 million customer records accessed, 1 '
'million records leaked',
'identity_theft_risk': 'High'},
'investigation_status': 'Ongoing',
'motivation': 'Extortion',
'ransomware': {'data_exfiltration': 'Yes',
'ransom_demanded': '$1,500 (€1,314)'},
'references': [{'source': 'HackManac'}],
'threat_actor': 'Dedale',
'title': 'Cyberattack on BarcelonaTelefónica by Dedale',
'type': 'Data Breach'}