Subscribe For Free

Nearly 2,000 Vodafone customers “at risk of fraud” due to cyber attack

James Pearce
October 31, 2015

Operator is latest large UK company to be hit by hackers who accessed names, telephone numbers and bank details

The details of 1,827 Vodafone UK customers could be at risk after the operator admitted it was hit with a cyber attack on October 28.

Criminals allegedly used emails and passwords acquired from a “source external to Vodafone” to access customer accounts, the operator claimed.

Details including customer names, telephone numbers, sort codes and the last four digits of bank accounts could have been taken, it added, with almost two thousand accounts accessed during the attack.

It is the latest in a string of attacks on UK companies in past few weeks, including TalkTalk and British Gas, while data from Marks & Spencer customers was also leaked online.

Vodafone said its security protocols had been “fundamentally effective” insisting its systems had not been breached. But the operator admitted that a handful of customers had been subject to fraud attempts on their Vodafone accounts as a result of the attack.

Vodafone said: “Vodafone UK was subject to an attempt to access some customers’ account details between midnight on Wednesday 28 October and midday on Thursday 29 October. At that point we initiated a comprehensive investigation to fully understand the facts so that we could give any affected customers the best possible advice.

“Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts.

“We would like to make clear that only the 1,827 customers, who have all been contacted, have been affected by this incident: no other customers have been affected or need to be concerned, as the security of our customers’ data continues to one of our highest priorities.”

The National Crime Agency, the Information Commissioners Office and Ofcom have all been informed of the attack, and all customer accounts were blocked on Friday (October 30), the operator added.

Share this article