Telefónica, the largest telecom operator in Spain under the Movistar brand, has confirmed that its internal ticketing system was hacked and data was stolen. The company is currently conducting an investigation into the incident, which was made public on the Khaker Forum.
Unauthorized access to the Jira system, used for internal task and incident management, was achieved through compromised employee accounts. In response, Telefónica reset passwords and blocked access to the system to prevent further leaks.
The hackers responsible for the attack claimed to have stolen approximately 2.3 GB of data, including documents, tickets, and other information. While some of the data was customer-related, the tickets appeared to have been accessed by employees using corporate email addresses @Telefonica.com. The hackers have stated that they have not attempted to blackmail or contact the company.
The breach came to light after the Jira Telefónica database was published on the Haker Forum. Among those involved in the attack, using aliases such as DNA, GREP, PRYX, and Rey, three are linked to the emerging group Hellcat Ransomware. This same group was responsible for hacking the JIRA server of Schneider Electric in a previous incident where 40 GB of data was stolen.