Movistar, the Spanish telecommunications company owned by Telefónica, has suffered a data breach that has resulted in the exposure of the personal information of 22 million users, including their names, National Identity Documents (DNI), telephone numbers and service plans, among other data, which are now for sale on the “dark web.”
This has been made known by the cybersecurity company HackManac, which monitors and verifies cyberattacks in real-time and which has identified this supposed data breach exposed on a “dark web” forum called DarkForums, as shared in a publication on X.
The hacking of the telecommunications company is attributed to a threat actor who calls himself Dedale, who claims to possess a database that contains information of around 22 million clients of Movistar, mostly from Perú.
Moreover, the data breach occurred just after Telefónica sold in April its Peruvian subsidiary to the firm Integra Tec International for 900,000 euros. This incident also underscores the growing vulnerability of telecom companies to large-scale cyberattacks, particularly in regions where digital infrastructure may be less robust or cybersecurity governance is weaker.
Specifically, according to the publication of the malicious actor, the breached dataset includes personal information such as the clients’ DNIs, telephone numbers, contracted service plans and the status updates of their subscriptions.
Likewise, hackers have allowed any user to download a sample of one million records as proof of the data breach.
The amount of hacked customers could be inflated
Movistar has not confirmed this data breach, nor has it detailed whether it has identified any violation of its systems.
Nonetheless, Telefónica admits that it is investigating the data breach, clarifying that although the threat actor claims it involves data from 22 million users, the figure actually refers to records, a distinction that could affect the estimated volume of leaked information since a single client may have multiple records (such as full name, DNI, address, etc.).
Likewise, with respect to the sample of one million records shared as a test, Telefónica points out that it contains data of users in Perú, although it is not ruled out that the database includes information of users from other countries.
This is the latest attack on Spanish users’ personal data, after earlier in the year, HackManac also claims that the Spanish anti-spam telephone list (the Robinson List) of half a million users was breached.
This is important as public institutions such as the Spanish Tax Authorities, the Traffic Administration (DGT) and the Public Employment Service (SEPE) have been the target of hacking attempts in recent years. According to the DGT, data from 27 million drivers was sold this year in specialised forums. Additionally, in 2021, SEPE suffered two large-scale cyberattacks that completely paralysed its services for several days.
