Hacker claims millions affected in Claro, Movistar breach — Claro calls it fake

Last updated: 4 June 2025
Claro data breach
Image by Cybernews

A hacker has claimed to be sitting on tens of millions of stolen telecom records from Claro and Movistar. Claro rejects breach claims.

A threat actor on a well-known underground marketplace claims to be selling a dataset allegedly containing 15 million records tied to telecom giant Claro, specifically its Peruvian customer base.

The sample data shared with the listing includes:

ADVERTISEMENT
  • ID card type
  • ID card number
  • Full names of customers
  • Emails
  • Some account data

Claro Movil, a major telecommunications brand owned by Mexico-based América Móvil, operates in 18 countries across Latin America and the Caribbean. The company provides millions of customers with mobile voice, data, and internet services.

While the breach claims sound significant, it's not unusual for threat actors to repackage old data dumps. It’s still unclear whether this is a fresh breach or recycled data dressed up as new.

Claro's information security team told Cybernews that they have not indicated any attacks or breaches.

"We have reviewed the information and can confirm that it is fake."

A Claro representative said.
Claro data breach
Screenshot from the hacker forum. Source: Cybernews

The same attacker claims to have Movistar data, too

The same threat actor also claims to have compromised data belonging to Movistar, another telecom giant, affecting nearly 21 million users.

Movistar, owned by Spain’s Telefónica, operates across Spain and much of Latin America. It’s the largest provider of landline, broadband, mobile, and pay-TV services in Spain, and the second-largest wireless carrier in Mexico.

The attacker says the leaked data includes:

ADVERTISEMENT
  • Phone numbers
  • ID types and numbers
  • Full names

However, the credibility of this claim is questionable. The post initially labeled the data as being from Spanish users, but forum users quickly noted inconsistencies, pointing out that the dataset appears to originate from Peru. Others chimed in, suggesting it’s simply an old leak being recycled.

Cybernews reached out to Movistar for a comment, but again, a response has yet to be received.

Movistar data breach
Screenshot from the hacker forum. Source: Cybernews

Another post by the same attacker claims to be selling the Social Security data of 11 million US citizens, including:

  • IP addresses
  • Full names
  • Full address
  • Phone numbers
  • SSN
  • DoB
  • Drivers license info
  • Monthly income

“The threat actor never explicitly claims this is from a recent breach, which raises a red flag. It’s entirely possible this is an old data dump being recycled for attention,” said a Cybernews researcher.

Updated on June 4th with Claro statement.

US social security data breach
Screenshot from the hacker forum. Source: Cybernews
Ernestas Naprys vilius Paulina Okunyte Gintaras Radauskas
Don’t miss our latest stories on Google News.
Google News Follow us
ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Google may drop its latest devices at the end of this summer
Modern misogyny: AI advises women to seek lower salaries than men
Meta AI leak gave access to AI prompts and answers from other users
TikTok, AliExpress, and WeChat violate EU privacy laws, data protection group claims
Three-person IVF helps prevent inherited diseases, scientists say
China-linked hackers ramp up attacks on Taiwan’s chip industry, researchers report
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked