Spanish telecoms giant Telefonica is investigating a suspected cybersecurity attack after hackers posted what appeared to be sensitive customer information on an internet forum. The breach, which the company announced on Tuesday, has prompted angry questions about personal information security, particularly for customers in Peru.
A hacker group calling themselves “Dedale” laid claim to the attack, proclaiming to be in possession of a database with 22 million Telefonica customers. As evidence of their claims, the group posted a one million-record sample that Telefonica has provisionally traced to former subscribers in Peru.
The news comes only two months after Telefonica has completed the sell off of its operations in Peru to Argentinean firm Integra Tec International. However, the leaked data seems to date back to when Telefonica was operating in the South American country.
Telefonica said it was investigating the reported breach and seeking to establish the authenticity and extent of the leaked data. The kind of data supposedly exposed included full names, national ID numbers and mobile phone numbers, which triggered immediate concerns about potential misuse such as SIM-swapping attacks and unsanctioned surveillance.
This is the latest in a string of cyber attacks against telecommunications companies worldwide, demonstrating the growing capabilities of attackers and the importance of strong security in the industry.
Security experts are calling for more aggressive security measures such as investing in advanced cybersecurity tools, conducting vulnerability checks and having well-developed incident response plans.
As it looks into the details around the reported data breach, Telefonica said, there is an effort underway to clarify the scope of event and minimize the potential impact on people affected.
The incident is a stark reminder for telecoms everywhere of the persistent threat of cyber attacks, even over divested assets, as well the criticality of proactive data protection and privacy practices.
