A hacker is threatening to leak 106GB of data allegedly stolen from Spanish telecommunications company Telefónica in a breach that the company did not acknowledge. The hacker claiming responsibility for the attack is known as "Rey" and is a member of the Hellcat Ransomware group - responsible for another breach at Telefónica in January through an internal Jira development and ticketing server. The threat actor has leaked a 2.6GB archive that unpacks into five gigabytes of data with a little over 20,000 files to prove that the breach occurred. Rey shared with BleepingComputer a sample and file tree of the data allegedly stolen from Telefónica on May 30. Until Telefónica provides an official statement, it is unclear if this is a new breach consisting of old data. Rey told BleepingComputer that they exfiltrated 385,311 files totaling 106.3GB of internal communications (e.g. tickets, emails), purchase orders, internal logs, customer records, and employee data. In the files we received there were email addresses for employees in Spain, Germany, Peru, Argentina, and Chile, and invoices for business partners or customers in European countries. “Since Telefonica has been denying a recent 106 GB breach containing data from its internal infrastructure, I am releasing 5 GB here as proof. The only response we received came from a Telefónica O2 employee, who dismissed the alleged incident as an extortion attempt using outdated information from a previously known incident. The breach allegedly occurred on May 30 and the hacker claims they had 12 hours of uninterrupted data exfiltration before defenders revoked access. BleepingComputer tried on multiple occasions since June 3rd to reach out to Telefónica over email. Some of the files included invoices to business clients in multiple countries, including Hungary, Germany, Spain, Chile, and Peru.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 04 Jul 2025 15:15:14 +0000