Telefónica's Movistar Suffers Massive Data Breach in Venezuela, Exposing Millions of Customers

Movistar, a subsidiary of Spanish telecoms company Telefónica SA, has suffered a massive data leak in Venezuela, exposing the personal data of 3.2 million customers, according to a non-profit organization. The data includes names, IDs, addresses, and phone numbers, which were posted online by a hacker attempting to sell the information. This incident highlights the vulnerability of digital communications in Venezuela and raises concerns about the government's surveillance of citizens.

A local non-profit organization has reported a significant data leak from Movistar, a subsidiary of Spanish telecoms giant Telefónica SA, in Venezuela. The leak exposed the personal data of approximately 3.2 million customers, including names, IDs, addresses, and phone numbers, which were posted online by a hacker seeking to sell the information [1]. This incident underscores the vulnerability of digital communications in Venezuela and raises concerns about the government's surveillance practices.

The data breach occurred despite the ongoing efforts of Telefónica SA to enhance its cybersecurity measures. The company has been actively working to mitigate the impact of the leak and is cooperating with local authorities to investigate the incident. Telefónica SA has not yet released a detailed statement regarding the breach, but it has assured customers that it is committed to protecting their personal information.

The data leak comes at a time when Venezuela is grappling with various economic and political challenges. The country has been under U.S. sanctions, which have had a significant impact on its economy. The data breach has further exacerbated concerns about the security of digital communications in the country and the potential for government surveillance.

In response to the data breach, the U.S. Department of Justice (DOJ) has issued a final rule to implement Executive Order 14117, aimed at preventing access to Americans' sensitive personal data by countries of concern, including Venezuela [3]. The rule, which took effect on April 8, 2025, sets forth prohibitions and restrictions on certain data transactions that pose national security risks. Telecommunications providers in the U.S. must closely review their services involving data transactions with countries of concern to ensure compliance with the rule.

The data breach at Movistar highlights the need for robust cybersecurity measures in Venezuela and the importance of protecting personal data. As the country continues to face economic and political challenges, it is crucial for the government and private sector to work together to enhance cybersecurity and protect citizens' privacy.

References:

[1] https://www.threads.com/@bloombergbusiness/post/DJE-ipdufQh/a-local-non-profit-reported-a-massive-data-leak-from-spains-telefonica-sa-subsid
[3] https://www.womblebonddickinson.com/us/insights/alerts/dojs-data-security-program-final-rules-effective-implications-telecom-providers