Hackers have accessed details of 1,827 Vodafone customers

According to Vodafone UK, criminals used the stolen data obtained from “an unknown source” to try to access customers’ accounts.

Personal details belonging to roughly 2,000 Vodafone customers have been compromised.

According to Vodafone, cyber criminals used the stolen data (emails and passwords) obtained from “an unknown source” to try to access customers’ accounts between Wednesday and Thursday.

“We can confirm that Vodafone UK was subject to an attempt to access some customers’ account details between midnight on Wednesday 28 October and midday on Thursday 29 October. At that point we initiated a comprehensive investigation to fully understand the facts so that we could give any affected customers the best possible advice. We informed the National Crime Agency (NCA), the ICO and Ofcom of the issue on the evening of Friday 30 October.” states the message issued by Vodafone UK.

According to telecommunications company the criminals accessed 1,827 customers accounts, gaining their names, mobile phone number, bank short code and the last 4 digits of their bank account.

No credit or debit card numbers or details were obtained, but it is important to keep in mind that data accessed by criminals could be used for fraudulent activities.

Also in this case, the company is saying that its systems had not been breached, a circumstance similar to the security breach occurred recently to the British Gas company that caused the exposure of 2,200 records.

In response to the security breach, Vodafone has blocked the customers’ accounts involved in the incident and it is contacting affected customers to assist them with changing their account details.

Vodafone has already contacted the banks of affected customers to alert them to potential risks for the individual involved. Vodafone is now working with the National Crime Agency (NCA) and has already informed the ICO and Ofcom of the issue on the evening of Friday 30 October.

“The NCA can confirm that we have been contacted by Vodafone in relation to a compromise of customer data, and we are in dialogue with the company.” said an NCA spokeswoman said. “Anyone who thinks they have been subject to attempted or successful fraud, or other online crime, should report it to action fraud at www.actionfraud.police.uk.”

We will also be loading customers’ details into the Credit Industry Fraud Avoidance Service (CIFAS) database, which will ensure that bank or mobile operators will make additional checks to avoid fraud.

Victims of the security breach should:

• Carefully monitor their banks and report any unusual activity. Users in England, Wales or Northern Ireland can contact the national fraud and internet crime reporting centre Action Fraud on 0300 123 2040 or www.actionfraud.police.uk. Scottish users can call Police Scotland.
• Be aware of phishing emails.
• Avoid giving out personal and financial data.

Pierluigi Paganini

(Security Affairs – Security Breach, Vodafone)