Vodafone Germany confirms insider data theft: Two million customers affected

Vodafone Germany confirms insider data theft: Two million customers affected

Summary: The European mobile giant said personal details of more than two million of its German customer base have been stolen by a hacker.

TOPICS: Security
(Image: Kent German/CNET)

Vodafone Germany confirmed on Thursday that data on more than two million of its customers has been stolen. 

The company said the hacker acquired customer names, addresses, some limited bank account information, and dates of birth from a company internal network. However, credit card details, mobile phone numbers, passwords, and PIN numbers were not taken in the data breach.

Vodafone said this "illegal intrusion" was conducted by an individual working for the company who had an "inside knowledge of [its] most secure internal systems," and that the individual has been identified by police and had their home search and assets seized.

"Vodafone Germany has world-class security systems which are constantly updated and upgraded to block new emerging threats," a company statement read. "However, this attack was highly complex and conducted with inside knowledge of our most secure internal systems."

The U.K.-headquartered phone network, with operations in a number of European countries, including Greece, Ireland, Italy, and Spain, confirmed that only German customers were affected by the data breach. 

"As soon as we discovered the incident we took all necessary steps to stop the attack, minimise any adverse impact for our customers and notify all relevant German authorities," the statement added.

Vodafone, which has a total of 36 million customers in the country, was advised by German authorities to not immediately publicly disclose details of the breach to avoid impeding law enforcement efforts. That has now concluded, the company confirmed.

"We are sending our sincere apologies to everyone affected for any disruption caused," Vodafone said.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • the same will happen to any other company

    Phone companies routinely use/have your SSN. Companies prompted by idiot security wonks collect all sorts of additional personal data in a misguided attempt to increase security... what's you mothers maiden name, first car, first pet... all will get stolen or sold allowing for the accumulation of the uber profile which will enable unbreakable identity theft. Once they have all this data you will not be able to definitively prove who you are. This will be the greatest security failure of all time within the next decade.
  • Great business opportunity

    I have a world class solution for this growing problem.
    Ask me for details
    Augusto Castillo
  • Difficult to detect

    I consult in the database field, and while there are many measures that can be taken, like restricted access to production systems and anonymizing non-prod environments, locking down workstations to disallow external storage or DVD/CD burning, and security software to detect theft, almost no companies that I know if use them.

    At almost every large corporation that I visit, If someone wanted to steal data, it would take a few minutes, and would be nearly impossible to detect.

    Worse, I still see companies storing passwords in non protected formats that can be selected and viewed. IMO, this is one of the most serious concerns.
  • PIN number - really?

    There is no such thing as a PIN number because that translates into "personal identification number number." So in reality the data thief didn't steal PINs.

    -Ken (department of redundancy department)
  • Political Correctness

    "only German customers were affected by the data breach."

    I am offended by the political incorrectness of this article. I am assuming that the article was supposed to be about the data of vodafone in germany.
    Zdnet has failed to provide a definition of "german customer", which results in a labeling of a selection of people, regardless of the indivduality.

    My personal data was probably on the compromised server, as I have a contract with Vodafone Germany, however I do not have the German nationality.

    Please consider the seriousness of your articles and explain if you are describing a nationality, a physical location, a political government, or a racial group.
    • Overly sensitive

      @clap_clap : you are talking claptrap. I am a foreigner where I live. You are being way over sensitive. The entire world knows that Zdnet means customers of Vodafone Germany and not blonde blue-eyed germanic customers. Then again your comment is so ridiculous that it's probably flame-bait.