The recent alleged cyberattack on Telefónica, one of the world’s largest telecommunications companies based in Spain, has raised concerns about the potential compromise of sensitive data and the motives behind the attack. According to reports, an unidentified hacker claimed unauthorized access to Telefónica, which is currently up for sale, and gained access to Fortinet, a key component of the firm’s network infrastructure.
As of now, details regarding the extent of the data breach and the nature of the data compromised remain undisclosed. While the company’s official website appears to be fully functional, doubts have been raised about the accuracy of the alleged cyberattack on Telefónica.
Efforts to verify the authenticity of the claim have been made by The Cyber Express team. However, attempts to receive an official response from the targeted organization have been unsuccessful, leaving the alleged cyberattack unverified.
This is not the first time Telefónica has faced cybersecurity challenges. In November 2022, the Spanish telecommunications giant experienced a cyberattack, prompting the company to urge its customers to change their Wi-Fi passwords to secure their networks. The impact of the previous cyberattack on users was not specified, but the firm assured customers that no sensitive personal data had been compromised.
In addition to previous cyberattacks, Telefonica had fallen victim to a ransomware attack in May 2017, resulting in the shutdown of 85% of its systems. The perpetrators demanded a ransom of US$550,000 in Bitcoin, affecting almost 9 out of 10 devices. Despite the substantial disruption, the company clarified that no sensitive personal data was compromised. Speculations at the time pointed to China as the potential origin of the cyberattack.
The recent cyberattack on Telefónica is part of a broader trend of escalating cyber threats against telecommunications companies globally. In January 2024, Thuraya Telecommunications, the largest international mobile satellite service provider based in the UAE, faced a cyberattack allegedly orchestrated by the hacking group Anonymous Sudan. Additionally, a cyber-espionage group linked to Iran’s intelligence service targeted telecommunications companies in Egypt, Sudan, and Tanzania.
Notably, the telecom sector has witnessed a surge in cyberattacks in recent times. Celcom, Malaysia’s oldest mobile telecommunications provider, faced a security breach with the sale of its source code by a threat actor for $4,000. Orange, a telecommunications giant, encountered a cyberattack on its Spanish unit, causing disruptions in internet services in early January. These incidents highlight the vulnerability of critical infrastructure to malicious cyber activities.
In response to the increasing threats, various regulatory bodies are contemplating cybersecurity reforms. The Telecom Regulatory Authority of India (TRAI) is considering a significant overhaul of cybersecurity measures. The Ministry of Defence has been invited to collaborate on drafting policies and regulations, particularly those related to the use of Artificial Intelligence (AI) in handling big data within the telecommunications sector.
As the telecommunications industry faces evolving cyber threats, companies are under pressure to fortify their cybersecurity defenses and collaborate with regulatory bodies to establish robust frameworks for safeguarding critical infrastructure. The latest incident at Telefónica serves as a reminder of the persistent and evolving nature of cyber threats in the digital age.