Vodafone Germany confirmed on Thursday that data on more than two million of its customers has been stolen.
The company said the hacker acquired customer names, addresses, some limited bank account information, and dates of birth from a company internal network. However, credit card details, mobile phone numbers, passwords, and PIN numbers were not taken in the data breach.
Vodafone said this "illegal intrusion" was conducted by an individual working for the company who had an "inside knowledge of [its] most secure internal systems," and that the individual has been identified by police and had their home search and assets seized.
"Vodafone Germany has world-class security systems which are constantly updated and upgraded to block new emerging threats," a company statement read. "However, this attack was highly complex and conducted with inside knowledge of our most secure internal systems."
The U.K.-headquartered phone network, with operations in a number of European countries, including Greece, Ireland, Italy, and Spain, confirmed that only German customers were affected by the data breach.
"As soon as we discovered the incident we took all necessary steps to stop the attack, minimise any adverse impact for our customers and notify all relevant German authorities," the statement added.
Vodafone, which has a total of 36 million customers in the country, was advised by German authorities to not immediately publicly disclose details of the breach to avoid impeding law enforcement efforts. That has now concluded, the company confirmed.
"We are sending our sincere apologies to everyone affected for any disruption caused," Vodafone said.