Movistar Fined €300,000 for GDPR Violation in Spain On December 22, 2025, Spain’s Data Protection Agency (AEPD) imposed a €300,000 fine on Telefónica Móviles, operating as Movistar, for violating the EU’s General Data Protection Regulation (GDPR). The penalty stems from the unlawful processing of personal data during a mobile phone line transfer, where customer information was mishandled. The AEPD ruled that Movistar failed to comply with GDPR requirements, though the company has one month to appeal the decision. The case highlights ongoing regulatory scrutiny over telecom providers’ data handling practices under EU privacy laws. Full details of the ruling are available in the attached decision (in Spanish).

Cybercriminal Dedale Targets BarcelonaTelefónica, Leaks 1M Peruvian Customer Records BarcelonaTelefónica is probing a cyberattack by the threat actor Dedale, who claims to have accessed 22 million customer records—though the breach appears limited in scope. As proof, the attacker leaked a database containing one million records, primarily affecting users in Peru. The compromised data includes multiple entries per customer (e.g., names, ID numbers, addresses), meaning the incident does not equate to 22 million unique individuals being exposed. Telefónica confirmed that Spanish customers remain unaffected, as the breach is tied to its former Peruvian subsidiary. The attack surfaced after HackManac disclosed details on X (formerly Twitter). Notably, Dedale is demanding a $1,500 ransom—a fraction of typical extortion demands—raising questions about the attacker’s motives. The breach coincides with Telefónica’s recent sale of its bankrupt Peruvian operations to Integra Tec International for €900,000, finalized last month. Investigations are ongoing.

A cybercriminal known as Rey, part of the Hellcat ransomware operation, claims to have stolen 106GB of sensitive data from Telefónica in May 2025. The stolen data includes internal communications, purchase orders, logs, customer records, and various employee data. Rey has released a 2.6GB sample and is threatening to release the full batch unless a payment is made. Telefónica has downplayed the incident, stating that the data is old and there was no new breach.

WannaCry: The Ransomware Attack That Reshaped Global Cybersecurity On May 12, 2017, the WannaCry ransomware attack exploited a critical vulnerability in Microsoft Windows’ SMBv1 protocol (CVE-2017-0144, aka EternalBlue), infecting over 200,000 systems across 150 countries within hours. The malware, derived from an NSA-developed exploit leaked by the hacker group Shadow Brokers, spread autonomously as a worm, bypassing traditional phishing methods. Key targets included healthcare systems in the UK, telecommunications networks in Spain, and organizations in the U.S., China, Russia, and beyond. Once inside a system, WannaCry encrypted files and demanded a $300 Bitcoin ransom, escalating over time to pressure victims. Its lateral movement scanning and infecting unpatched systems without user interaction made it uniquely destructive. The attack was temporarily halted when security researcher Marcus Hutchins (MalwareTech) discovered and activated a "kill switch" by registering an unregistered domain hardcoded in the malware. This accidental mitigation slowed the spread but did not eliminate the threat. Investigations later linked WannaCry to North Korea’s Lazarus Group, underscoring how state-developed cyber tools can be repurposed for criminal use. The incident exposed systemic failures, including delayed patch management Microsoft had released a fix (MS17-010) in March 2017 and poor network segmentation, which allowed the worm to propagate unchecked. WannaCry’s legacy persists in modern cybersecurity practices, emphasizing the need for timely patching, network resilience, and international collaboration. Though not the most sophisticated ransomware, its global impact demonstrated the far-reaching consequences of unaddressed vulnerabilities and the risks of stockpiled cyber weapons.