Vodafone admits hack, customer bank details stolen

Almost two thousand Vodafone UK customers have been potentially left open to fraud and phishing attempts following the data breach.


Vodafone has admitted to a security breach which has led to the theft of sensitive information belonging to 1,827 customers in the United Kingdom.

Last week, the telecommunications provider released a statement saying that "unauthorized account access" took place between midnight on Wednesday 28 October and midday on Thursday 29 October.

The company says the cyberattack took place through email address and password credentials "from an unknown source" outside of Vodafone, and the firm's systems have "not been compromised or breached in any way."

Be that as it may, 1,827 customer accounts were accessed, giving the hackers data including names, telephone numbers, bank sort codes and the last four digits of their bank account -- potentially leading to identity theft and fraud.

"Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts," the firm says.

Following the discovery of the data breach, the affected customer accounts were blocked until Vodafone was able to contact them and change their details.

Vodafone has been quick to react to the cyberattack, but customers will not necessarily get away scot-free. Armed with the stolen information, this could be enough for the cybercriminals to launch successful phishing campaigns and commit fraud. Phishing campaigns are likely to be the main problem, as armed with this data, criminals could dupe the Vodafone customers into handing over additional information.

It would only take a phone call or an email from a fake Vodafone representative to coax people into handing over additional information which could be used to access bank accounts or commit identity theft.

The company informed the UK's National Crime Agency (NCA), the ICO and Ofcom of the issue on Friday 30 October, and has also contacted the banks of the victims to watch out for potential fraudulent activity.

The news concerning Vodafone comes in the aftermath of a data breach at ISP TalkTalk which has affected millions of customers. The UK telecoms provider says the cyberattack took place on the firm's website rather than core systems, but up to 21,000 unique customer bank account numbers and sort codes, 28,000 obscured credit and debit card details, 15,000 customer dates of birth and 1.2 million customer email addresses, names and phone numbers were accessed.

See also: 15-year-old arrested over TalkTalk hack

Read on: Top picks