Movistar Peru data leak
A database containing roughly 22 million records on Movistar Peru customers — DNI numbers, names, birth dates, and addresses collected between 2016 and 2018 — circulated freely on hacking forums over the December holiday break.
- Victim
- Movistar Peru (Telefónica del Perú)
- records
- 22.0M
- users
- 22.0M
Over the December 2024 holiday break, a database containing roughly 22 million records tied to customers of Movistar Peru — the local Telefónica subsidiary — circulated freely on cybercrime forums, becoming one of the largest exposures of Peruvian personal data on record.
What happened
As researchers tracking holiday-period dark-web activity reported, threat actors shared the Movistar dataset openly rather than selling it, in a wave of free data dumps over the break. The CSV files reportedly covered a collection window of roughly 2016 to 2018, suggesting the data was extracted from older customer or billing systems.
The leak emerged at a sensitive moment: Telefónica had been in the process of divesting its Peruvian operations, and the appearance of a multi-million-record database drew immediate national attention.
Impact
The exposed fields reportedly included:
- National identification numbers (DNI).
- Full names and dates of birth.
- Physical addresses and Ubigeo location codes (Peru's geographic coding system).
- Mobile phone numbers and contracted plan details.
Analysts stressed that, while the data dated from 2016–2018, the most damaging fields — DNI numbers, dates of birth, and names — are static identifiers that rarely change, keeping the data useful to fraudsters years later. The combination of phone numbers and identity documents is especially dangerous for SIM-swapping attacks, in which criminals impersonate a victim to a carrier, hijack the phone number, and intercept the SMS codes used to authorize bank transfers.
A note on the numbers
Telefónica observed that the 22 million figure refers to records, not unique customers — a single subscriber can appear across multiple rows — so the true number of distinct individuals affected is lower. The authenticity and provenance of the dataset were examined rather than fully confirmed by the operator, though the volume and structure were consistent with genuine telecom customer data.
Why it matters
The Movistar Peru leak highlighted the long tail of risk in telecom data retention: records gathered nearly a decade earlier resurfaced to threaten millions. Coming weeks after the Interbank breach, it reinforced a broader pattern of large-scale exposure of Peruvian DNI-linked data across both the financial and telecom sectors — fueling concern about the cumulative risk of identity fraud and SIM-swapping in a country where the DNI is the backbone of digital and financial identity verification.
Timeline
The leaked dataset's collection window begins; records span roughly 2016 to 2018.
Around the December holiday break, a dataset of about 22 million Movistar Peru records is shared on hacking forums.
Researchers note the dump includes DNI numbers, names, birth dates, addresses, and Ubigeo location codes.
Analysts warn the data enables SIM-swapping and identity-fraud attacks given Peru's reliance on DNI for verification.
Telefónica notes the figure refers to records rather than unique customers; authenticity of the dataset is examined.
Sources
- darkreading.comhttps://www.darkreading.com/cyberattacks-data-breaches/cybercriminals-freely-share-millions-of-stolen-records-over-holiday-break
- brinztech.comhttps://www.brinztech.com/breach-alerts/brinztech-alert-the-alleged-database-of-movistar-peru-is-leaked/
- escudodigital.comhttps://www.escudodigital.com/en/cybersecurity/movistar-peru-data-breach-impacts-4-million-users.html
- 4imag.comhttps://4imag.com/movistar-hit-by-data-breach-impacting-22-million-customers/