Hacker threatens to leak a rumoured huge cache of stolen Telefónica data
- A threat actor claims to have stolen 106GB of sensitive files from Telefónica
- Telefónica says the files were old, stolen from a previous incident
- A sample was shared with the media, with the full batch soon to follow
A cybercriminal is threatening to release more than 100GB of sensitive data stolen from Spanish telecommunications giant Telefónica.
In January 2025, the company suffered a data breach at the hand of the Hellcat ransomware operation. At the time, the group broke into the telco through an internal Jira development and ticketing server.
Among the members of the group is a threat actor with the alias Rey, who said that while Telefónica was addressing one flaw, it created another, giving them 12 hours of uninterrupted data exfiltration. During that time, which Rey claims was in late May 2025, they allegedly stole 106GB of sensitive files, counting more than 380,000 files of internal communications, purchase orders, logs, customer records, and various employee data.
Get 55% off Incogni’s Data Removal service with code TECHRADAR
Wipe your personal data off the internet with the Incogni data removal service. Stop identity thieves
and protect your privacy from unwanted spam and scam calls.View Deal
Old incident, or a new one?
The hacker has released a small 2.6GB sample, and are threatening to release the whole thing unless a payment is made.
But Telefónica is downplaying the incident. Speaking to BleepingComputer, a Telefónica O2 employee said the data is old and that there was no new breach.
To prove the authenticity of the data, Rey shared a sample with BleepingComputer, including a file tree.
“Some of the files included invoices to business clients in multiple countries, including Hungary, Germany, Spain, Chile, and Peru,” the publication said.
“In the files we received there were email addresses for employees in Spain, Germany, Peru, Argentina, and Chile, and invoices for business partners or customers in European countries.”
While the data found in the sample is from 2021 and older, the publication did state that some of the emails it saw belonged to “active employees”.
“Since Telefonica has been denying a recent 106 GB breach containing data from its internal infrastructure, I am releasing 5 GB here as proof. Soon, I will publish the full file tree, and over the next few weeks, if Telefonica does not comply, the entire archive will be released. ;)” – Rey said.
You might also like
- Telefónica says it was hit by systems breach, internal data leaked online
- Take a look at our guide to the best authenticator app
- We’ve rounded up the best password managers
