The hacker group “Dedale” has claimed responsibility, asserting that it holds data on roughly 22 million Telefónica customers
Spanish telecommunications giant Telefónica revealed that is has launched an investigation into a potential cyberattack following the online release of sensitive data allegedly belonging to one million of its former customers in Peru. The hacker group “Dedale” has claimed responsibility, asserting that it holds data on roughly 22 million customers.
“We are investigating an alleged security breach. The sample released by the actor, which comprises 1 million records, seems to correspond to customers in Peru,” a Telefónica spokesperson told Reuters.
The breach comes just two months after Telefónica finalized its exit from the Peruvian market, selling its local unit to Integra Tec International for €900,000 ($1.03 million). Despite that sale, the data appears to be from the company’s former operations in the country. Telefónica is currently working to verify the authenticity of the leaked records.
A pattern of global attacks
Telefónica’s incident is the latest in a growing series of cyberattacks targeting telecommunications providers across the globe.
In October 2024, several major U.S. operators — including Verizon, AT&T and Lumen — were infiltrated by a Chinese hacking group identified as Salt Typhoon. According to a U.S. security official quoted by the Post, the Salt Typhoon group was apparently targeting legal federal requests for wiretaps, also known as lawful intercept, but also had broader network access, which means it could also have had access to more general internet traffic.
And just two months ago, South Korean telecom leader SK Telecom (SKT) suffered a breach impacting approximately 23 million customers — nearly half the population of South Korea. The leaked data included mobile numbers, authentication keys, and other personally identifiable information, raising concerns about SIM-swapping attacks and unauthorized surveillance. SKT responded with public apologies, SIM card replacements, and upgraded fraud monitoring measures.
A call for stronger defenses
These back-to-back incidents underscore a sobering reality: as telecom operators become more digitally sophisticated, so do their attackers. The sector’s role in transmitting both personal and national security data makes it a prime target for cybercriminals and state-backed groups alike.
Industry leaders and regulators are now calling for more aggressive security postures. In the U.S., the Salt Typhoon breach prompted a strong response from the Federal Communications Commission (FCC).
“While the Commission’s counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, we need to put in place a modern framework to help companies secure their networks and better prevent and respond to cyberattacks in the future,” FCC Chairwoman Jessica Rosenworcel said. “The cybersecurity of our nation’s communications infrastructure is essential to promoting national security, public safety and economic security. As technology continues to advance, so do the capabilities of adversaries.”
As Telefónica and others respond to these high-profile breaches, experts warn that telecom companies must act urgently to protect their networks. That includes investing in advanced cybersecurity tools, conducting ongoing vulnerability assessments, and creating robust incident response plans. Cross-border collaboration — between governments, telecoms, and security agencies — will also be crucial in identifying and neutralizing threats before they can escalate.
For Telefónica, the Peru data leak may prove to be a cautionary tale about the long cybersecurity shadow cast by divested assets. For the global telecom industry, it’s yet another reminder that no operator is immune — and that proactive cybersecurity is no longer optional, but foundational.
