Telefónica Breach Leaves Data on Millions Exposed (Jul 16, 2018)
The Spanish telecommunications company “Telefónica” has confirmed that it was the target of a cyber-attack on June 16, 2018. The attack resulted in a data breach in which unknown threat actors were able to access a variety of Personally Identifiable Information (PII) belonging to “Movistar” (Telefónica’s broadband, landline, and pay-television service) customers. The exposed data consists of associated banks, addresses, call records, names, national ID numbers, and telephone numbers, among others. The data was found to be downloadable as an unencrypted spreadsheet. This is important to note because now that the Global Data Protection Regulation (GDPR) law is in effect because it mandates that data must be protected by end-to-end encryption. Therefore, Telefónica may be subject to a significant fine and, at the very least, will be subject to customer notifications regarding the data breach and follow-up in a potentially expensive manner.
Recommendation: The exposure of Personally Identifiable Information (PII) requires affected individuals to take precautionary measure to protect their identity and their finances. Identity theft services can assist in preventing illicit purchases, or applying for financial services from taking place by actors using stolen data.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.