Cyber Incident Victim: Telekom Slovenije

Date: Feb 2025

Location: Slovenia

Summary

A cyberattack targeted Telekom Slovenije's incident management and troubleshooting support system, prompting immediate containment measures to halt further spread. While the company asserted no compromise of customer communication databases, stolen files reportedly containing personal subscriber data—including addresses, phone numbers, and IP addresses—alongside operational documents, partner contracts, and highway traffic violation recordings appeared for sale on dark web platforms. The leaked data also pertained significantly to the Kosovo-based subsidiary IPKO's telecommunications operations. Attackers had not issued ransom demands at the time of reporting, and the company collaborated with law enforcement and cybersecurity experts to investigate the breach, though details remained undisclosed due to ongoing inquiries.

Description

On February 1, 2025, Telekom Slovenije publicly disclosed a cyberattack targeting its support system for incident management and troubleshooting. The company stated it immediately implemented containment measures upon detecting the intrusion, preventing further spread or continuation of the attack. Telekom emphasized no compromise of customer communication records or subscriber databases occurred during the breach. The organization collaborated with law enforcement and cybersecurity experts to investigate the incident but withheld technical details citing investigative sensitivities. While Telekom asserted the integrity of core customer data, external reports emerged contradicting this claim shortly after the disclosure.

Concurrently, the media outlet Finance reported that 385 Telekom-related files had appeared for sale on dark web platforms, allegedly containing subscriber personal data including physical addresses, telephone numbers, and IP addresses. The leaked dataset also included contractual partner information, delivery receipts, work orders for new subscriber installations, and records of customers redeeming promotional benefits. Highway speeding violation footage and operational documents from Telekom's Kosovo-based subsidiary IPKO made up significant portions of the exposed data. Attackers had not issued ransomware demands as of the report date. Telekom maintained its cooperation with authorities throughout the investigation but did not publicly confirm or deny the dark web data's authenticity. The incident marked Slovenia's second major corporate cyber intrusion within 15 months, following the November 2023 attack on Holding Slovenske elektrarne.
