Customer details such as passwords and phone numbers stolen in second attack on a major UK carrier in two weeks
Vodafone has suspended the accounts of nearly two thousand customers after their details were found to have been accessed by outside sources, the company has confirmed.
Around 1,800 Vodafone customers were affected by the breach, which saw details such as names, passwords and telephone numbers grabbed by hackers.
The hack is now thought to be contained, and Vodafone’s own systems were not compromised during the attack, but the attack is the second on a major British carrier after TalkTalk suffered a major assault last week.
Vodafone said it first noticed attempts to access customer account details between midnight on Wednesday and noon on Thursday.
After starting its own investigation, the company notified the National Crime Agency (NCA), Information Commissioners’ Office (ICO) and Ofcom, as it found that the attackers had obtained e-mail addresses and passwords from “an unknown source external to Vodafone”, meaning that the attackers were trying to see which users re-use the same passwords from other recorded hacks.
Vodafone says customer credit card details were not accessed, except for the last four digits of card numbers, which should not be enough to access an account, although the company is notifying the banks of affected customers.
Those affected by the hack should also be wary of being subject to fraud or phishing attempts, Vodafone warned.
“Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts,” the company said in an official statement.
“We would like to make clear that only the 1,827 customers, who have all been contacted, have been affected by this incident: no other customers have been affected or need to be concerned, as the security of our customers’ data continues to one of our highest priorities.”
The attack on TalkTalk last week saw 1.2 million customer email addresses, names and phone numbers stolen, along with 21,000 bank account numbers and sort codes, 28,000 partial card details, and 15,000 dates of birth.