Telefonica Breach Exposes Jira Tickets, Customer Data

Telefonica, the multinational telecommunications company headquartered in Madrid, has confirmed that its internal systems were breached by hackers, leading to the theft of more than 236,000 lines of customer data and close to a half-million Jira tickets.
"We have become aware of unauthorized access to an internal ticketing system," Telefonica said in an emailed statement to media. "We are currently investigating the extent of the incident and have taken the necessary steps to block any unauthorized access."
Four threat actors posted an exfiltrated Jira database on the BreachForums Dark Web hacking community last week, claiming that it contains nearly 470,000 lines of internal ticketing data and more than 5,000 PDFs, Word documents, PowerPoints, and other documents.
Three of the four threat actors are believed to be part of the Hellcat ransomware group.
Hudson Rock, a cybersecurity vendor that claims to have spoken with the threat actors, reported that the perpetrators used infostealer malware to compromise roughly 15 Telefonica employees and gain access to the system via their credentials.
The vendor says that the breach has exposed 24,000 Telefonica employee emails and names as well as the Jira issues. The stolen documents also likely contain other confidential information.
"The data includes summaries of internal Jira issues, which can reveal sensitive operational details, project plans and vulnerabilities within Telefonica's infrastructure," Hudson Rock warned. "This poses a significant risk as it could be used to map out internal workflows and exploit weaknesses."