Vodafone customers told to be 'vigilant' after data breach
Company says almost 2,000 customers' accounts were accessed using information acquired from a third party
Vodafone has insisted its security systems and procedures remain "fundamentally effective" after the accounts of more than 1,800 customers were accessed.
In the latest cyber-security breach in the mobile telecommunications sector, Vodafone revealed at the weekend that 1,827 accounts had been accessed between Wednesday and Thursday of last week. The company admitted customers' names, mobile numbers, bank sort codes and the last four digits of their bank accounts could have been taken, The Guardian reports.
Unlike the cyber-attack on TalkTalk the week before, Vodafone says its systems were "not compromised or breached in any way". Instead, it says customers' account names and passwords were obtained through an "external" source. How the details came to be held by a third party is not known.
Vodafone says the affected accounts were blocked, customers' banks were notified to put in place additional protection and the account holders were contacted directly and advised to change their login details. As a result of these measures, the firm insists that "only a handful of customers have been subject to any attempts to use this data for fraudulent activity".
However, Vodafone warned the information could still be used to attempt fraud. It advised customers to be on the lookout for so-called "phishing scams", whereby they receive an unsolicited call or email from a scammer purporting to be from Vodafone or their bank, trying to trick them into revealing even more personal information.
In line with general industry guidance, the firm has urged customers to be vigilant and not to give out any information, either relating to their Vodafone account or their bank details.
Elsewhere, the police have made a third arrest during their ongoing investigation into the TalkTalk hacking. A 20-year-old man in Staffordshire has been arrested on suspicion of offences under the Computer Misuse Act and bailed until March, the BBC reports. This follows the arrest and bail of a 15 year old in Northern Ireland and a 16 year old in London.
TalkTalk continues to assert its breach was less severe than first thought. It says hackers accessed up to 28,000 obscured credit and debit card details with the middle six digits removed – which meant the cards could not be used for transactions – and 15,000 customer dates of birth.
It has similarly advised customers to remain vigilant against fraud such as phishing scams.