ShellCodeX
Tools • Events • News • Insights
ShellCodeX Breach Report

Phone House España Data Breach

phonehouse.es
Significant exposure
Verified breach
Accounts exposed 5,223,350
Breach date 08 Apr 2021
Added to tracker 22 Apr 2021
Data classes 7

What happened

In April 2021, the Spanish retailer Phone House allegedly suffered a ransomware attack that also exposed significant volumes of customer data. Attributed to the Babuk ransomware, a collection of data alleged to be a subset of a larger corpus was posted to a dark web site and contained 5.2M email addresses along with names, nationalities, genders, dates of birth, phone numbers and physical addresses. Phone House has been threatened with further releases if a ransom is not paid.

Exposed data

Dates of birth Email addresses Genders Names Nationalities Phone numbers Physical addresses

Recommended actions

  • Watch for targeted phishing emails referencing Phone House España — attackers weaponise breach data quickly.
  • Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
  • Exposed identity data raises identity-theft risk — consider credit monitoring or a credit freeze.
  • Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected? Check whether your email address appears in this breach.
Check on HIBP