Telefónica, one of Europe’s largest telecommunications providers, is facing a cybersecurity crisis after a hacker claimed to have exfiltrated a vast trove of sensitive company data. The threat actor, operating under the alias “Rey” and associated with the Hellcat Ransomware group, has threatened to release the entire cache of stolen information unless the company meets undisclosed demands.
Incident Overview
The breach reportedly occurred on May 30, 2025, when the attacker exploited a misconfiguration in Telefónica’s Jira development and ticketing server—an issue that had previously facilitated unauthorized access to the company’s internal systems earlier in the year. According to statements made by the hacker, this vulnerability provided a 12-hour window for data exfiltration before the intrusion was detected.
The hacker claims to have obtained approximately 106GB of data, comprising around 385,000 files. To substantiate these claims, a 2.6GB sample archive (expanding to 5GB when unpacked) containing over 20,000 files has been released publicly.
Nature of the Stolen Data
The stolen data is said to include a wide range of sensitive information, such as:
- Internal communications, including emails and support tickets
- Purchase orders and financial documents
- Internal system logs
- Customer records
- Employee data
Telefónica’s Response
Despite the gravity of the situation, Telefónica has not yet issued an official statement regarding the breach. Journalists and cybersecurity experts have made multiple attempts to contact the company for comment, but as of this writing, no response has been received.
In previous incidents involving similar vulnerabilities, Telefónica confirmed breaches and implemented remedial actions, such as blocking unauthorized access and resetting affected credentials. It remains unclear what specific steps, if any, the company has taken in response to this latest threat.
