Australia probes potential data breach involving four million Vodafone customers

Access to personal information on four million Vodafone Australia customers – including names, addresses, driver’s licenses, and credit card numbers – on a website for dealers was provided to unathorized individuals, according to a report by the Sydney Morning Herald.

The website is only supposed to be accessible by dealers using IDs and passwords. Apparently, this information has been made available to non-authorized parties, according to the report.

''It appears what has happened is that somebody shared a password,'' Vodafone chief executive Nigel Dews told The Age newspaper. ''It appears to be a one-off breach and we have got out internal investigators looking into it right now. We reset our passwords last night and we are resetting them every 24 hours until that investigation is complete.''

The press reports prompted an investigation by the Office of the Australian Privacy Commissioner.

"The office's first step will be to determine whether Vodafone's activities constitute a breach of the Privacy Act, said Commissioner Timothy Pilgrim said in a Jan. 10 statement. I am concerned about the amount of personal information that may have been disclosed, which could include sensitive information. For this reason I have opened an own motion investigation into the matter today. I have spoken with the CEO of Vodafone and he has assured me of Vodafone's full cooperation".

Pilgrim advised Vodafone customers who believe their privacy has been “interfered with” to contact the company. If they are not satisfied with the company’s response, they should lodge a complaint with his office.

What’s Hot on Infosecurity Magazine?