Spanish telecommunications giant Telefónica has confirmed a breach of its internal ticketing system after sensitive data was leaked on a hacking forum.
The multinational company, operating in 12 countries and employing over 104,000 people, acknowledged the incident in an email to BleepingComputer and stated that it is actively investigating the scope of the breach.
“We have become aware of unauthorized access to an internal ticketing system which we use at Telefónica,” the company stated. “We are currently investigating the extent of the incident and have taken the necessary steps to block any unauthorized access to the system.”
The breach appears to have targeted Telefónica’s internal Jira ticketing system, a development and support platform used to report and resolve internal issues. The attack was reportedly carried out using compromised employee credentials, which allowed the attackers to scrape approximately 2.3 GB of data, including documents and tickets.
While some of the leaked data was labeled as customer-related, reports indicate that the tickets were created using @telefonica.com email addresses, suggesting that the tickets may have been submitted on behalf of customers rather than directly by them.
The breach was claimed by four hackers using aliases DNA, Grep, Pryx, and Rey. One of the attackers, Pryx, revealed to BleepingComputer that no extortion demands were made before leaking the data. Telefónica has since blocked the attackers’ access by performing password resets on the compromised accounts.
