Millions in Germany have data compromised in Vodafone hack

Share this article:

Authorities have identified an attacker suspected of carrying out a sophisticated hack against Vodafone Germany.

The individual was able to obtain information – including names, addresses, dates of birth, genders and banking details – on roughly two million of the mobile phone company's customers, a company spokesperson said, adding there was no access to credit card information, passwords, PIN numbers or mobile phone numbers.

Vodafone learned of the attack – which was possible due to insider knowledge of the company's IT infrastructure – on Sept. 5 and is only alerting customers now because authorities did not want to compromise the investigation.

The attack is said to have only affected customers in Germany.

A Vodafone spokesperson said it is unlikely that banking information can be accessed, but nevertheless customers were told to monitor bank accounts and are warned to be on alert for email and phone phishing attacks that seek out further details.

The mobile company would not reveal the identity of the suspect, but according to reports, the perpetrator is alleged to be a subcontractor of Vodafone's administration system.

Vodaphone said it is taking actions to prevent this type of incident from occurring again, including reinstalling servers and changing passwords and certificates of all administrators.

Companies suffer from data breaches everyday, but it is not too often that millions of customers are affected. An attack on Sony's PlayStation Network in 2011 compromised personal information for roughly 77 million gamers. An attack on Heartland Payment Systems in 2008 also affected millions.

Share this article:

Sign up to our newsletters

More in News

Instagram iOS and Android apps vulnerable to session hijacking

Two researchers wrote about the Instagram app for iOS and Android is vulnerable to session hijacking because both send unsecured information through HTTP.

Report: Hackers stole data from Israeli defense firms

A report by Brian Krebs detailed the intrusions, which occurred between Oct. 2011 and Aug. 2012.

Neverquest trojan targets regional banks in Japan

Symantec researchers found a new variant of the banking trojan.