Telefonica Breach Exposes Jira Tickets, Customer Data

Telefonica, the multinational telecommunications company headquartered in Madrid, has confirmed that its internal systems were breached by hackers, leading to the theft of more than 236,000 lines of customer data and close to a half-million Jira tickets.

"We have become aware of unauthorized access to an internal ticketing system," Telefonica said in an emailed statement to media. "We are currently investigating the extent of the incident and have taken the necessary steps to block any unauthorized access."

Four threat actors posted an exfiltrated Jira database on the BreachForums Dark Web hacking community last week, claiming that it contains nearly 470,000 lines of internal ticketing data and more than 5,000 PDFs, Word documents, PowerPoints, and other documents.

Three of the four threat actors in question are believed to be a part of the Hellcat ransomware group.

Hudson Rock, a cybersecurity vendor that claims to have spoken with the threat actors, reported that the perpetrators used infostealer malware to compromise roughly 15 Telefonica employees and gain access to the system via their credentials. 

The vendor says that the breach has exposed 24,000 Telefonica employee emails and names as well as the Jira issues. The stolen documents also likely contain other confidential information.

"The data includes summaries of internal Jira issues, which can reveal sensitive operational details, project plans and vulnerabilities within Telefonica's infrastructure," Hudson Rock warned. "This poses a significant risk as it could be used to map out internal workflows and exploit weaknesses."