The largest personal data leak in history

The mobile network operator, the Spanish company Telefonica, has been the victim of its own mistakes in the security of the online client panel of the Movistar sub-operator, of which it owns. The error found and reported by one of the buyers of the Movistar service was reported to a Spanish non-profit organization specializing in the protection of personal data and consumer rights (FACUA). School and primitive error caused leakage of personal data and consisted in obtaining access to the billing information of Movistar customers. The invoices contained full details and place of residence, the name of the bank from which the payment was made and the entire history of previous payments.

In short, anyone who had an account in the online panel on the Movistar website, could view the personal data of other registered users by manipulating the URL address in which the invoices were saved unencrypted. Such an error could have been used for the mass collection of personal data. It is not known how long the gap was present in the system. FACUA called this incident the largest security hole in the history of telecommunications in Spain. Telefonica is also the owner of other commercial brands, O2 and Vivo - and it is also unknown if their clients are at risk of disclosing personal data.

Telefonica notified customers about the problem on Sunday (July 15), and an update of the online panel was added on Monday. In addition, according to the new GDPR / RODO rules, Telefonica may be subject to a fine of 10 to 20 million euros or a fine of 2% to 4% of annual turnover.

Not in the same way, but also in Poland there were leaks of personal data of clients of very large companies: Play operators, Areo2 and bank customers. All this took place even before May 25, 2018, that is, the date of application of the new directives on the protection of personal data. Now all European companies are obliged to immediately notify the incident to the service buyers no later than 72 hours after the data leak.

Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.