Ransomware cyber

Telefónica

Jul 7, 2025 1 min read
Telefónica

A cybercriminal known as Rey, part of the Hellcat ransomware operation, claims to have stolen 106GB of sensitive data from Telefónica in May 2025. The stolen data includes internal communications, purchase orders, logs, customer records, and various employee data. Rey has released a 2.6GB sample and is threatening to release the full batch unless a payment is made. Telefónica has downplayed the incident, stating that the data is old and there was no new breach.

Source: https://www.techradar.com/pro/security/hacker-threatens-to-leak-a-rumoured-huge-cache-of-stolen-telefonica-data

TPRM report: https://scoringcyber.rankiteo.com/company/telefonica

"id": "tel732070725",
"linkid": "telefonica",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Telecommunications',
                        'location': 'Spain',
                        'name': 'Telefónica',
                        'type': 'Telecommunications Company'}],
 'attack_vector': 'Internal Jira development and ticketing server',
 'data_breach': {'data_exfiltration': '106GB',
                 'file_types_exposed': 'Invoices, email addresses, internal '
                                       'communications, purchase orders, logs, '
                                       'customer records, and employee data',
                 'number_of_records_exposed': '380,000 files',
                 'personally_identifiable_information': 'Email addresses, '
                                                        'invoices for business '
                                                        'partners or customers',
                 'sensitivity_of_data': 'Sensitive',
                 'type_of_data_compromised': 'Internal communications, '
                                             'purchase orders, logs, customer '
                                             'records, and employee data'},
 'description': 'A threat actor claims to have stolen 106GB of sensitive files '
                'from Telefónica. The company asserts the files were old and '
                'stolen from a previous incident. A sample was shared with the '
                'media, with the full batch soon to follow.',
 'impact': {'data_compromised': '106GB of sensitive files, including internal '
                                'communications, purchase orders, logs, '
                                'customer records, and employee data',
            'systems_affected': 'Internal Jira development and ticketing '
                                'server'},
 'initial_access_broker': {'entry_point': 'Internal Jira development and '
                                          'ticketing server'},
 'motivation': 'Ransom',
 'ransomware': {'data_exfiltration': '106GB', 'ransomware_strain': 'Hellcat'},
 'references': [{'source': 'BleepingComputer'}],
 'threat_actor': 'Hellcat ransomware operation, alias Rey',
 'title': 'Telefónica Data Breach Incident',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.