Vodafone has said that their security is “fundamentally effective” after they became the latest major UK telecoms operator after TalkTalk to be hit by a breach, which between 28th and 29th October 2015 resulted in 1,827 customers having their accounts accessed by cyber criminals.
Admittedly Vodafone’s situation is significantly different from TalkTalk’s. The latter found their website being exploited by hackers who discovered an SQL Injection exploit, while Vodafone states that the cyber thieves who got into their systems were able to use known login (email address) and password details that had been “acquired from an unknown source external to Vodafone“.
Advertisement
What Customer Details Have Been Exposed?
* The customer’s name;
* their mobile telephone number
* their bank sort code
* the last 4 digits of their bank account (no credit or debit card numbers or details were obtained)
At this point we are assuming that Vodafone has ruled out the possible use of a brute force attack, which would attempt to identify the main login and password details by trying lots of common and random combinations at the same time (this is usually made obvious via the server logs).
Instead Vodafone are able to claim that their “systems were not compromised or breached in any way” and their related “protocols were fundamentally effective,” although the login and password details still had to come from somewhere and on this front there is a clear lack of information. Some reports suggest that they were purchased on the so-called dark web, but that still doesn’t explain how they came to be there in the first place.
On top of that Vodafone says that the problem could have been worse had their own “investigation and mitigating actions” not been effective, which they say meant that “only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts.” This suggests that the operator knows more than they’re currently able to say.
Vodafone Statement
The information obtained by the criminals can not be used directly to access customers’ bank accounts. However, this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts.
These customers’ accounts have been blocked and affected customers are being contacted directly to assist them with changing their account details. We have already contacted the banks of affected customers to alert them to the situation and they are following established procedures in order to protect customers.
It is not necessary for customers to contact their bank directly to inform them of the incident. We will also be loading customers’ details into the Credit Industry Fraud Avoidance Service (CIFAS) database, which will ensure that bank or mobile operators will make additional checks to avoid fraud.
The operator has also notified both Ofcom and the Government’s Information Commissioner’s Office (ICO) of the breach. Meanwhile an investigation has been started by the National Crime Agency and related police forces.
Advertisement
Comments are closed