Vodafone warns 1,827 customers they're 'open to fraud' following hack
Vodafone warns affected customers they could be open to phishing after accounts were compromised
Vodafone has revealed that hackers have accessed the accounts of almost 2,000 customers and have potentially stolen their personal information and bank details.
The incident follows an attack on fellow British telecoms firm TalkTalk, which saw cyber criminals make off with details of thousands of customers.
According to a Vodafone statement, the company suffered a security breach between midnight on Wednesday 28 October and midday on Thursday 29 October.
The incident is suspected to be a result of criminals using email addresses and passwords "acquired from an unknown source external to Vodafone" - perhaps a web forum used by cyber criminals - rather than being as a result of Vodafone systems themselves being compromised.
In total, Vodafone says 1,827 customers have had their accounts accessed, potentially meaning that cyber criminals have made off with their names, telephone numbers, their bank sort codes and the last four digits of their bank account number.
While the hackers haven't been able to obtain full credit card or debit card details, Vodafone has warned customers that they could be vulnerable to fraud and open to phishing attempts. The company says it has already contacted all the customers who've had their accounts accessed by the outside party.
"We would like to make clear that only the 1,827 customers, who have all been contacted, have been affected by this incident: no other customers have been affected or need to be concerned, as the security of our customers' data continues to one of our highest priorities."
Vodafone said it started investigating the breach as soon as it was discovered and informed the National Crime Agency (NCA), the ICO and Ofcom about the incident the next day. The company is now working with the NCA in support of an ongoing investigation.
Ryan Wilk, director at NuData Security, suggested that the Vodafone hack - and the recent TalkTalk breach - demonstrate that "no matter how diligent a company is in trying to protect its sensitive data, fraudsters always seem to be one step ahead".
The main threat now, Wilk warned, centres on how the cyber criminals will try to use the stolen information.
"With the amount of data on the black market, there is no end to the potential damage the fraudsters can do using the stolen data. With this level of information, fraudsters can create new bank accounts or take out loans under an actual person's name, causing problems for victims for years to come," he said.