The Hellcat ransomware group has claimed responsibility for the attack, stating they stole customer data, ticket data, and thousands of files from Telefonica.

Interestingly, the attackers did not attempt to extort Telefonica prior to leaking the data online, as they posted the compromised information without any prior contact.

Cybersecurity firm Hudson Rock reported that the attackers used custom infostealer malware to compromise the credentials of approximately 15 employees, allowing them access to the company's Jira platform.

This incident underscores the rising cyber threats facing global telecommunications companies, particularly in light of previous breaches.

The attackers specifically targeted employees with administrative privileges to extract server details for brute-forcing SSH access, indicating a well-planned operation.

The breach was facilitated through compromised employee credentials obtained via infostealer malware and social engineering techniques.

The breach exposed sensitive information, including the names and emails of 24,000 employees, as well as 5,000 internal documents and detailed summaries of Jira issues that could compromise operational security.

Telefonica, the largest telecommunications firm in Spain, has confirmed a significant data breach involving its internal Jira ticketing system, resulting in the theft of over 236,000 lines of customer data and nearly 500,000 Jira tickets.

The leaked data raises concerns about potential phishing attacks and the exposure of sensitive operational details, security weaknesses, and strategic plans.

In response to the breach, Telefonica is currently investigating the incident's scope and has implemented measures to secure its systems against further unauthorized access.

Despite the breach, Telefonica has assured that residential customers were not affected, and the company's official website remains operational.

With operations in twelve countries and a workforce of over 104,000, Telefonica's reputation is at stake following this significant security incident.