A hacker claiming to be “Rey,” a member of the notorious Hellcat Ransomware group, has begun leaking a portion of what they allege is 106GB of data stolen from Spanish telecommunications giant Telefónica. The hacker asserts this is a new breach that occurred on May 30, 2025, a claim Telefónica has largely dismissed as an attempt at extortion using outdated information.
The leaked sample, weighing in at 2.6GB (uncompressing to 5GB), contains over 20,000 files, purportedly including internal communications, purchase orders, internal logs, customer records, and employee data. Rey stated that they had 12 hours of uninterrupted access to Telefónica’s systems, attributing the alleged new breach to a Jira misconfiguration following a previous incident in January 2025, also linked to the Hellcat group. In that earlier breach, 2.3GB of data from an internal Jira ticketing system was exposed.
While Telefónica has not issued an official statement regarding this specific alleged breach, a representative from Telefónica O2 in the UK and Germany reportedly dismissed the claims, suggesting the data was from a previously known incident. However, cybersecurity researchers examining the newly leaked files have found email addresses belonging to active Telefónica employees, which could lend credence to the hacker’s assertion of a more recent compromise.
The ongoing situation raises significant concerns for Telefónica and its vast customer base across Europe and Latin America. If confirmed, a breach of this magnitude could have severe repercussions, including potential regulatory fines under GDPR, reputational damage, and an increased risk of phishing and other social engineering attacks against both employees and customers.
This incident is the latest in a series of cyberattacks targeting major telecommunications providers globally, highlighting the persistent and evolving threat landscape. Cybersecurity experts are urging telecom companies to enhance their defenses, implement robust incident response plans, and conduct continuous vulnerability assessments to protect sensitive data and maintain customer trust. The full extent of the alleged breach and its implications remain to be seen as the hacker threatens to release the entire 106GB archive if Telefónica does not “comply.”
