Hackers breach Telefónica's internal ticketing system, stealing 2.3GB of data
Free Trial

Capacity Media is part of techoraco, techoraco Limited, 4 Bouverie Street, London, EC4Y 8AX, Registered in England & Wales, Company number 15236387.

Copyright © techoraco and its affiliated companies 2024

Accessibility | Terms of Use | Privacy Policy | Modern Slavery Statement

Cookies Settings
News

Hackers breach Telefónica's internal ticketing system, stealing 2.3GB of data

Ben Wodecki
January 14, 2025 09:56 AM
News Images - 2025-01-14T095201.347.png

Telefónica is the latest global operator to be targeted by bad actors after hackers breached its internal ticketing system.

BleepingComputer reports that Telefónica admitted its systems had been breached, with the operator “currently investigating the extent of the incident”.

Telefónica said it has taken “necessary steps to block any unauthorised access” to the Jira-based ticketing server used by the operator for reporting internal issues.

Subscribe today for free

The connectivity news and insights that matter - straight to your inbox

Four attackers, Pryx, Grep, Rey, and DNA, made off with around 2.3 GB, according to posts on the hacking site BreachForums.

In a post on the site, Pryx revealed the quartet breached Telefónica’s platform using stolen employee credentials, gaining access to documents and support tickets, some of which referenced customer-related data.

The attackers failed to demand any ransom for the data, meaning the motive could align with the rise of hackers attacking companies and instead publishing stolen information if their victims fail to acknowledge the incident within 48 hours.

A group of hackers known as Hellcat Ransomware group, which recently emerged with such motives, with Schneider Electric as one of its earlier victims. The group also previously referred to themselves as the International Contract Agency (ICA), a name they appropriated from the shadow organisation from the Hitman video game series.

Notably, Telefónica hasn’t publicly commented on the breach bar a statement to BleepingComputer. Capacity has contacted the operator for comment.

In a blog post, cybersecurity software provider SentryBay said the Telefónica breach highlighted the need for businesses to adopt endpoint isolation technologies to reduce the risk of credential theft and regularly audit employee credentials to identify vulnerabilities.

“To mitigate risks and protect sensitive systems, businesses must adopt proactive cybersecurity solutions that isolate endpoints and prevent credential-based exploits,” the post reads.

Telefónica is the latest in a string of attacks on telco operators. The most prominent was the recent Salt Typhoon attacks, in which Chinese-linked hackers targeted US brands including Verizon, AT&T, and T-Mobile.

RELATED STORIES

Telefónica Germany testing quantum tech to shore up mobile network security

New US bill would force telcos to fortify defences after Salt Typhoon attacks

FBI warns Chinese hackers are targeting telcos in major espionage campaign

Topics

NewsFraud and SecurityCyber Security
Ben Wodecki
Ben Wodecki
Senior Reporter Capacity Media
Contact
More from across our site
Load More
Gift this article
capacitymedia-logo-white.png

Never miss a story again

Subscribe to Capacity today to receive daily insights into the developments and ideas shaping the global connectivity industry.
Subscribe