TechRadar reports that Vodafone UK yesterday confirmed the attackers gained access to its systems between midnight on Wednesday, Oct. 28 and midday on Thursday, Oct. 29. The company says its security protocols “were fundamentally effective” but that 1,827 customers may have had their personal details stolen.
Vodafone says its systems weren’t compromised or breached and that the criminals obtained access using email addresses and passwords “acquired from an unknown source external to Vodafone.” The hackers were able to obtain customer names, mobile phone numbers, bank sort codes and the last four digits of bank account numbers.
Vodafone has initiated a “comprehensive” investigation into the incident. The company alerted the UK’s National Crime Agency, Information Commissioner’s Office and network regulator Ofcom during the evening of Friday, Oct. 30.
The affected customers have been contacted directly and given advice on how to deal with fraud and phishing. Vodafone attempted to reassure its other customers that the incident is confined to only the 1,827 people notified, saying “no other customers need to be concerned, as the security of our customers’ data continues to be one of our highest priorities.”
The attack comes just days after UK telecoms firm TalkTalk warned that hackers could have stolen the details of millions of its customers, including card credentials. The company has since revised the figure downwards and now claims only 1.2 million customers were affected with 21,000 bank account numbers and sort codes accessed.
TalkTalk CEO Dido Harding admitted the company does not use encryption in key areas of its database as customers slammed the firm for poor correspondence amid the third attack on its systems in eight months. UK police have since arrested two teenagers in connection with the breach.
The situation at Vodafone does not appear to be so severe. The company says the stolen details cannot be used to directly access bank accounts but admits they could open customers to fraud and online scamming.
The affected people have had their Vodafone accounts blocked. An email will provide instructions for resetting their account and guarding against any phishing attacks that occur in the next few months as a result of the attack. Vodafone has contacted the major UK banks who will be watching for suspicious activity on the affected accounts.