Vodafone UK claims attack gained limited customer data from 1,827 customers
Vodafone Group reported its United Kingdom operations late last week were hit by a cyberattack that gained access to account information of 1,827 customers, including names, telephone numbers, bank short codes and the last four digits of bank accounts.
Vodafone reported the attacks occurred between midnight on Oct. 28 and midday Oct. 29, and used email addresses and passwords acquired from “unknown sources external to Vodafone.” The telecom giant noted its systems were “not compromised or breached in any way,” and that it had notified the U.K.’s National Crime Agency, the Information Commissioner’s Office and telecom regulator Ofcom of the breach on Oct. 30.
“Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts,” Vodafone noted in a statement. “No credit or debit card numbers or details were obtained. The information obtained by the criminals cannot be used directly to access customers’ bank accounts. However, this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts.”
Vodafone said it blocked all impacted accounts the evening of Oct. 30, and contacted those customers over the weekend to change account details. The carrier also said it contacted the banks of the affected customers and are “following established procedures in order to protect customers.”
“We will also be loading customers’ details into the Credit Industry Fraud Avoidance Service database, which will ensure that bank or mobile operators will make additional checks to avoid fraud,” Vodafone added.
Vodafone is one of the world’s largest mobile operators, with operations in 26 countries and partnerships in an additional 50 countries serving approximately 446 million mobile customers. Vodafone early last year closed on the sale of its 45% stake in Verizon Wireless to Verizon Communications for $130 billion.
T-Mobile US reported early last month it was hit by hackers in an attack of a vendor that included personal identification information for approximately 15 million people who applied for postpaid services or device financing between Sept. 1, 2013, and Sept. 16, 2015.
Bored? Why not follow me on Twitter