Telefónica confirms breach of their internal Jira ticketing system
Learn More
Spanish telecommunications giant Telefónica has confirmed a security breach affecting their internal Jira ticketing system. The incident resulted in unauthorized access and data exfiltration.
The breach occurred through the compromise of employee credentials, which were used to access an internal Jira development and ticketing server. The system was used by Telefónica for reporting and resolving internal issues. The unauthorized access was detected and blocked through password resets on the affected accounts.
Four individuals using the aliases DNA, Grep, Pryx, and Rey have claimed responsibility for the breach. Three of the attackers (Grep, Pryx, and Rey) are known to be members of the Hellcat Ransomware operation, a group previously linked to a breach of Schneider Electric's JIRA server. The attackers did not attempt to contact or extort Telefónica before leaking the data online.
Data Impact The breach resulted in the exfiltration of approximately 2.3 GB of data, including:
- Internal documents
- Support tickets
- Various operational data
- Email communications from @telefonica.com addresses
Telefónica has not disclsed if any customer data was potentially exposed. The hackers claim that the breach has exposed 24,000 Telefonica employee emails and names, and 500,000 Jira issues and summaries.
Telefónica has confirmed the incident and is actively investigating its scope. The company has implemented security measures to block any further unauthorized access to the system. The investigation into the full extent of the breach is ongoing.
