Movistar Venezuela suffers major data breach, exposing client info

A local non-profit reported a massive data leak from Spain’s Telefonica SA subsidiary in Venezuela, Movistar, which exposed the personal data of millions of clients, highlighting the vulnerability of the country’s digital communications.

Names, identity numbers, locations and phone numbers of 3.2 million Movistar clients in Venezuela were published in an online forum, as a self-declared hacker tried to sell the information, according to an analysis of the data by VE Sin Filtro, a Venezuelan non-governmental organization focusing on Internet restrictions, cybersecurity and censorship.

A preliminary evaluation of a random sample suggests the data is real, Andres Azpurua, the NGO’s director, said in a phone interview. Movistar Venezuela hasn’t publicly discussed the data breach. A representative for the company said the matter is under investigation.

The incident isn’t unprecedented. Last year, VE Sin Filtro reported that Digitel — another large telecommunications operator in Venezuela — suffered a ransomware attack that exposed clients’ personal information. Although the company denied the breach, it did confirm an incident that didn’t affect services.

The Movistar breach is taking place amid heightened surveillance by President Nicolas Maduro’s government, which uses digital communications data to track down political opponents. Telefonica reported that in 2021, authorities ordered the intervention of nearly 1.6 million phone lines, or 20% of the company’s users. Most requests came from police, military and intelligence entities, Telefonica said.

Movistar clients are now at risk of scams and other forms of illegal activity as a result of the leak, Azpurua said.

“Movistar Telefonica is a Spanish company,” said human-rights activist Luis Carlos Diaz. “It should adhere to European data protection standards because it must guarantee the security of its users everywhere.” Bloomberg