Spanish telecommunications giant Telefónica confirmed a security breach of its internal ticketing system after stolen data appeared on a cybercrime forum known as Breach Forums.
Four hackers, operating under the aliases DNA, Grep, Pryx, and Rey, claimed responsibility for compromising Telefónica's internal Jira development and ticketing server. The attackers reportedly used stolen employee credentials to access the system and extract approximately 2.3 GB of documents, tickets, and other sensitive information.
According to Pryx, one of the alleged attackers, the group did not attempt to contact Telefónica or demand ransom before publishing the data online. Three of the hackers - Grep, Pryx, and Rey - are reportedly connected to a new ransomware operation called Hellcat Ransomware, which recently targeted Schneider Electric in a similar attack.
Telefónica, which operates in twelve countries and employs over 104,000 people, has launched an investigation into the incident. The company has already taken defensive measures, including blocking unauthorized access and resetting passwords for affected accounts.
While the full extent of the breach remains unclear, the leaked data appears to contain internal tickets created using @telefonica.com email addresses, potentially including customer-related information. The attack reportedly involved Fortinet, a key component of Telefónica's network infrastructure.
This incident marks another cybersecurity challenge for Telefónica, which previously experienced a major data breach in July 2018 affecting millions of customers. The company continues to investigate the current situation while maintaining normal operations, with its official website remaining functional.
The telecommunications sector remains a prime target for cybercriminals, highlighting the ongoing need for robust security measures to protect critical infrastructure and sensitive data.