Telefonica Breach
News | 07/18/2018

Telefonica Breach: Millions of Customers’ Personal Details Exposed


Telefonica, a Spanish operator and one of the world’s largest telecommunication providers, recently suffered a security breach that led to the exposure of the personal data of millions of customers.

The alleged breach came to light after a user of Movistar (a major telecommunication brand owned by Telefonica) discovered the vulnerability and reported it to FACUA, a non-profit, non-governmental organization that works for the protection of consumer rights.

Telefonica Hacked

Flaws in the design of the Movistar online customer portal allowed any person with a Movistar account to view the personal information of any other user. The URL of Movistar’s invoice web page contained an alphanumeric ID, and modifying this ID could give access to the billing data of other customers. As the invoice holds personal details as well, access to the bill led to the exposure of the personal data of millions of customers, including:

  • Name
  • Landline and Mobile numbers
  • Address
  • Billing History
  • Bank details
  • Records of calls and other information

All of this information could be downloaded as files in CSV format.

The Telefonica breach involved accessing users’ data arbitrarily, without requiring a high level of technical expertise. However, the vulnerability could also have been used to write a program that collects the information of numerous customers from the operator’s system and then analyzes it.
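The flaw described above is a missing per-object authorization check. As an added example (not code from Movistar or from the original article), the Python sketch below contrasts a lookup that only requires a logged-in session with one that also verifies invoice ownership and records refusals, so that bulk probing of IDs stands out; the invoice store, account names, function names and threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample data: invoice ID -> record with its owning account.
INVOICES = {
    "A1B2C3": {"owner": "alice", "name": "Alice Example", "total": "41.20"},
    "A1B2C4": {"owner": "bob", "name": "Bob Example", "total": "18.75"},
}

DENIED = defaultdict(set)   # account -> distinct invoice IDs it was refused
ALERT_THRESHOLD = 3         # assumed value; tune against real traffic


def get_invoice_unchecked(session_user, invoice_id):
    """Flawed pattern: being logged in is the only condition checked."""
    if session_user is None:
        raise PermissionError("login required")
    return INVOICES.get(invoice_id)


def get_invoice_checked(session_user, invoice_id):
    """Return the invoice only when it belongs to the session's account."""
    if session_user is None:
        raise PermissionError("login required")
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice["owner"] != session_user:
        # Same answer for "missing" and "not yours", so responses do not
        # reveal which IDs exist. Record the refusal for monitoring.
        DENIED[session_user].add(invoice_id)
        return None
    return invoice


def accounts_to_review():
    """Accounts refused on many distinct IDs, a sign of ID enumeration."""
    return sorted(u for u, ids in DENIED.items() if len(ids) >= ALERT_THRESHOLD)
```

The owner comparison uses the account bound to the server-side session, never a value supplied in the request.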

Penalty imposed as a result of Telefonica Breach

After the vulnerability was discovered and reported to FACUA, a Spanish consumer forum, the organization filed a complaint with the Spanish Agency for Data Protection (AEPD).

The Spanish Data Protection Agency is a government organization responsible for the protection of users’ personal data. The AEPD is also responsible for enforcing the EU’s newly introduced GDPR rules.

Under the new data protection regulation, GDPR, the fine for non-compliance with data protection regulations or for a data breach can be up to 4 percent of a company’s global annual turnover or 20 million euros ($23.5 million), whichever amount is larger.

However, under Spain’s data protection law these fines are limited to between €300,000 and €600,000, which is comparatively low. FACUA has therefore called on the Spanish government to update the regulation.

Telefonica has informed all the competent authorities about the breach and said that no fraudulent access has been detected so far.
