Stolen Vodafone security credentials would not have granted any access to customer details held by sister telco 3.
Reports surfaced yesterday that an employee or dealer with Vodafone had leaked log-in details to its central Oracle Siebel database, containing millions of customer records and phone and SMS logs. The reports claimed that criminals and customers' spouses had been sold access for their own use.
The company has confirmed to ZDNet Australia that retail staff share log-in credentials, which security experts say increases the likelihood of a leak since it makes tracking an offender difficult, if not impossible.
However, it has also said that Vodafone and 3's core databases are still separate, despite the two companies having merged their Australian operations in April 2009 to form Vodafone Hutchison Australia (VHA). Therefore, stolen Vodafone credentials could not have been used to steal 3 customer data.
The Australian Privacy Commissioner Timothy Pilgrim has said that he will investigate whether Vodafone has breached the Privacy Act by exposing customer information.