Telefonica Calls Authorities after Massive Breach

The Netherlands-based Telecompaper reported that Telefonica, a top-10 telecom vendor based in Spain that delivers telecom services across more than 20 countries, was hit by a major security breach. The personal data of millions of its customers was possibly exposed. The company reportedly said the flaw was fixed and that the breach was reported to the authorities.

Information exposed by the breach was reported to have included customers' fixed-line and mobile numbers, their full names, national ID numbers, home addresses, banks and call and data records.

Though the company does not yet know the full extent of the breach, the exposed data reportedly could be downloaded by a hacker. “Surprisingly, the Telefonica customer data was easily downloadable as an unencrypted spreadsheet,” said Pravin Kothari, founder and CEO of CipherCloud.

“Moral of the story? Cyber-attackers will get into any network sooner or later. End-to-end encryption would have provided safe harbor for Telefonica if they used it to protect the data. With encryption there would be no breach to report under GDPR as stolen encrypted data would be unusable,” said Kothari.

With GDPR in effect, Telefonica must now comply with the notification and follow-up mandates. “This sort of data exposure is why so many organizations who transact with customers online – from the banking and finance sector to e-com and major retailers – are layering in advanced security solutions, such as passive biometrics and behavioral analytics,” said Ryan Wilk, vice president of customer success, NuData Security, a Mastercard company.

“In doing so, they’re shifting from 'let's make our company a bunker for everyone' to 'let's leave the bunker for risky users only.' They do so by using technology that doesn't rely on data that could have been exposed in a breach, thus preventing post-breach damage. Passive biometrics technology cannot be mimicked by hackers and helps break the chain of perpetual fraud that grows whenever customer data is breached and stolen,” said Wilk.
