Telefónica Company CyberSecurity Posture

telefonica.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

Telefónica is today one of the largest telecommunications companies in the world in terms of market capitalisation and number of customers. We have the best infrastructure, as well as an innovative range of digital and data services; therefore, we are favorably positioned to meet the needs of our customers and capture growth in new businesses. We are sensitive to the new challenges demanded by society today and, therefore, we provide the means to facilitate communication between people, providing them with the most secure and cutting-edge technology. Our vision is focused on technology making people's lives easier and our aim is to promote progress in that direction, so that technology can make a positive impact on the world both socially and environmentally, and, ultimately, so as to provide value and trust in an ever-changing and accelerating world. Digital life is life itself, and technology is an essential part of being human. We want to create, protect and boost connections in life so people can choose a world of unlimited possibilities. We want to be a company in which our clients, employees, suppliers, shareholders, and society in general can trust. In order to achieve this, we communicate our strategy, business model and most relevant data to our stakeholders in a clear and transparent manner, so as to show the company's ability to create value.

Telefónica A.I CyberSecurity Scoring

Telefónica

Company Details

Linkedin ID:

telefonica

Website:

http://www.telefonica.com

Employees number:

119,880

Number of followers:

1,279,598

NAICS:

517

Industry Type:

Telecommunications

Homepage:

telefonica.com

IP Addresses:

160

Company ID:

TEL_2590753

Scan Status:

In-progress

AI scoreTelefónica Risk Score (AI oriented)

Between 550 and 599

https://images.rankiteo.com/companyimages/telefonica.jpeg
Telefónica Telecommunications
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreTelefónica Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/telefonica.jpeg
Telefónica Telecommunications
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Telefónica

Very Poor
Current Score
568
Ca (Very Poor)
01000
3 incidents
-86.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

JANUARY 2026
567
DECEMBER 2025
634
Breach
22 Dec 2025 • Telefónica Móviles: Telefónica Móviles fined €300,000 for GDPR data breach in Spain
Telefónica Móviles (Movistar) GDPR Violation Fine

**Movistar Fined €300,000 for GDPR Violation in Spain** On December 22, 2025, Spain’s Data Protection Agency (AEPD) imposed a €300,000 fine on Telefónica Móviles, operating as Movistar, for violating the EU’s General Data Protection Regulation (GDPR). The penalty stems from the unlawful processing of personal data during a mobile phone line transfer, where customer information was mishandled. The AEPD ruled that Movistar failed to comply with GDPR requirements, though the company has one month to appeal the decision. The case highlights ongoing regulatory scrutiny over telecom providers’ data handling practices under EU privacy laws. Full details of the ruling are available in the attached decision (in Spanish).

563
medium -71
TEL1766404766
Incident Details -
Type
Data Breach
Impact
Financial Loss: €300,000 Data Compromised: Personal data processed unlawfully during mobile phone line changes Brand Reputation Impact: Potential reputational damage due to GDPR violation Legal Liabilities: Regulatory fine imposed
Data Breach
Type Of Data Compromised: Personal data Sensitivity Of Data: High (GDPR-protected data) Personally Identifiable Information: Yes
Regulatory Compliance
GDPR Fines Imposed: €300,000 Legal Actions: Decision can be appealed within one month Regulatory Notifications: Spanish Data Protection Agency
Investigation Status
['Completed (decision issued)']
Post Incident Analysis
Root Causes: Unlawful processing of personal data during mobile phone line changes
References
Blog URL Source URL
NOVEMBER 2025
633
OCTOBER 2025
629
SEPTEMBER 2025
626
AUGUST 2025
623
JULY 2025
619
JUNE 2025
681
Breach
03 Jun 2025 • Telefónica and Movistar: A cyberattack affects millions of Telefónica customers, although the company claims none are in Spain.
Cyberattack on BarcelonaTelefónica by Dedale

**Cybercriminal Dedale Targets BarcelonaTelefónica, Leaks 1M Peruvian Customer Records** BarcelonaTelefónica is probing a cyberattack by the threat actor **Dedale**, who claims to have accessed **22 million customer records**—though the breach appears limited in scope. As proof, the attacker leaked a database containing **one million records**, primarily affecting users in **Peru**. The compromised data includes multiple entries per customer (e.g., names, ID numbers, addresses), meaning the incident does not equate to **22 million unique individuals** being exposed. Telefónica confirmed that **Spanish customers remain unaffected**, as the breach is tied to its former Peruvian subsidiary. The attack surfaced after **HackManac** disclosed details on **X (formerly Twitter)**. Notably, Dedale is demanding a **$1,500 ransom**—a fraction of typical extortion demands—raising questions about the attacker’s motives. The breach coincides with Telefónica’s recent sale of its bankrupt Peruvian operations to **Integra Tec International** for **€900,000**, finalized last month. Investigations are ongoing.

611
critical -70
MOVTEL1767881948
Incident Details -
Type
Data Breach
Motivation
Extortion
Impact
Data Compromised: 22 million customer records accessed, 1 million records leaked Identity Theft Risk: High
Data Breach
Full name ID number Address Number Of Records Exposed: 1 million records leaked (22 million accessed) Sensitivity Of Data: High (Personally Identifiable Information) Data Exfiltration: Yes Personally Identifiable Information: Yes
Investigation Status
['Ongoing']
References
Blog URL Source URL
MAY 2025
796
Ransomware
01 May 2025 • Telefónica
Telefónica Data Breach Incident

A cybercriminal known as Rey, part of the Hellcat ransomware operation, claims to have stolen 106GB of sensitive data from Telefónica in May 2025. The stolen data includes internal communications, purchase orders, logs, customer records, and various employee data. Rey has released a 2.6GB sample and is threatening to release the full batch unless a payment is made. Telefónica has downplayed the incident, stating that the data is old and there was no new breach.

679
critical -117
TEL732070725
Incident Details -
Type
Data Breach
Attack Vector
Internal Jira development and ticketing server
Vulnerability Exploited
null
Motivation
Ransom
Impact
Financial Loss: null Data Compromised: 106GB of sensitive files, including internal communications, purchase orders, logs, customer records, and employee data Systems Affected: Internal Jira development and ticketing server Downtime: null Operational Impact: null Conversion Rate Impact: null Revenue Loss: null Customer Complaints: null Brand Reputation Impact: null Legal Liabilities: null Identity Theft Risk: null Payment Information Risk: null
Response
Incident Response Plan Activated: null Third Party Assistance: null Law Enforcement Notified: null Containment Measures: null Remediation Measures: null Recovery Measures: null Communication Strategy: null Adaptive Behavioral Waf: null On Demand Scrubbing Services: null Network Segmentation: null Enhanced Monitoring: null
Data Breach
Type Of Data Compromised: Internal communications, purchase orders, logs, customer records, and employee data Number Of Records Exposed: 380,000 files Sensitivity Of Data: Sensitive Data Exfiltration: 106GB Data Encryption: null File Types Exposed: Invoices, email addresses, internal communications, purchase orders, logs, customer records, and employee data Personally Identifiable Information: Email addresses, invoices for business partners or customers
Regulatory Compliance
Regulations Violated: null Fines Imposed: null Legal Actions: null Regulatory Notifications: null
Lessons Learned
null
Recommendations
null
Investigation Status
null
Customer Advisories
null
Stakeholder Advisories
null
Initial Access Broker
Entry Point: Internal Jira development and ticketing server Reconnaissance Period: null Backdoors Established: null High Value Targets: null Data Sold On Dark Web: null
Post Incident Analysis
Root Causes: null Corrective Actions: null
References
Blog URL Source URL
APRIL 2025
796
MARCH 2025
796
FEBRUARY 2025
796

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Telefónica is 568, which corresponds to a Very Poor rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for December 2025 was 634.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 633.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 629.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 626.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 623.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 619.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 681.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 679.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 796.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 796.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 796.

Over the past 12 months, the average per-incident point impact on Telefónica’s A.I Rankiteo Cyber Score has been -86.0 points.

You can access Telefónica’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/telefonica.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Telefónica’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/telefonica.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.