Hackers steal nearly 2,000 Vodafone customer accounts

Mobile operator blocks compromised accounts, urges customers to change passwords

The personal details of 1,827 Vodafone customers were stolen by hackers last week, the company has admitted.

The hack exposed those customers' passwords and email addresses, as well as victims' bank sort codes and the last four numbers of their bank accounts, after cybercriminals broke through Vodafone's security between midnight Wednesday, 28 October and midday Thursday, 29 October.

"This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone. Vodafone's systems were not compromised or breached in any way," the telco said in a statement.

The operator informed the National Crime Agency (NCA), the Information Commissioner's Office and Ofcom of the issue on the evening of Friday, 30 October, and said it is working with the NCA to support the ongoing investigation.

Such actions have meant that only a handful of customers have been subject to any attempts by hackers to use their data for fraudulent activity on their Vodafone accounts, the company claimed.

However, while claiming its security protocols were "fundamentally effective" and no credit or debit card details were obtained in the attack, Vodafone admitted the leaked information does leave affected customers "open to fraud and might also leave them open to phishing attempts".

Compromised accounts were all blocked on Friday evening and Vodafone contacted affected customers directly over the weekend to assist them with changing their account details.

"We have already contacted the banks of affected customers to alert them to the situation and they are following established procedures in order to protect customers," the firm added.

"We would like to make clear that only the 1,827 customers, who have all been contacted, have been affected by this incident: no other customers have been affected or need to be concerned, as the security of our customers' data continues to one of our highest priorities," the firm said.

The data leak comes a week after UK broadband provider TalkTalk was hacked by criminals, leading to the theft of 1.2 million customer email and phone numbers and 21,000 bank details. In that investigation, police have so far arrested a 15-year-old in Northern Ireland and a 16-year-old in West London, as well as a 20-year-old man from Staffordshire.

Ryan Wilk, director at NuData Security, said that the Vodafone and TalkTalk breaches suggest fraudsters seem to be one step ahead of firms' security measures.

"Any company in any vertical where sensitive data is stored will be a target of hackers and criminals," he said. "While the loss of this data is an issue in and of itself, the secondary use of the stolen data should a concern to every business."

He added that thieves sell this information to aggregators, who cross-reference and compile full identities, called "fullz," on the data black market.

"This increases the value and usefulness of the stolen data and is building countless identities for the fraudsters. With the amount of data on the black market, there is no end to the potential damage the fraudsters can do using the stolen data," he claimed.

"With this level of information, fraudsters can create new bank accounts or take out loans under an actual person's name, causing problems for victims for years to come."

Featured Resources

Defeating ransomware with unified security from WatchGuard

How SMBs can defend against the onslaught of ransomware attacks

Free download

The IT expert’s guide to AI and content management

How artificial intelligence and machine learning could be critical to your business

Free download

The path to CX excellence

Four stages to thrive in the experience economy

Free download

Becoming an experience-based business

Your blueprint for a strong digital foundation

Free download

Recommended

Vodafone becomes second UK operator to bring back EU roaming charges
Mobile

Vodafone becomes second UK operator to bring back EU roaming charges

9 Aug 2021
Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
The best 4G network
Mobile

The best 4G network

28 Sep 2020

Most Popular

Zoom: From pandemic upstart to hybrid work giant
video conferencing

Zoom: From pandemic upstart to hybrid work giant

14 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021