A total of 1,827 customers have had their names, phone numbers and partial bank details exposed on an “unknown source external to Vodafone”. The firm maintained that its core systems were not breached.
The incident shows the clear risks of using the same password on multiple websites as criminals are able to exploit this data to access other sensitive accounts.
It is possible that the personal records originated from the dark web and were used to provide unauthorised access to user accounts, but this is yet to be verified.
Vodafone said that no full credit or debit card details were obtained and that the partial data cannot be used to access bank accounts. However, the attack, which occurred between midnight on 28 October and midday on 29 October, has affected customers who are now at risk of fraud and phishing attempts.
The accounts have all been blocked, and Vodafone is contacting customers directly and advising them to change their log-ins and passwords.
Source: New feed