Mobile telecom giant Vodafone is investigating reports that one of its databases had been breached, and that customer data was available online.
According to the Sydney Morning Herald, the compromised database contained sensitive customer information, including credit card numbers, home addresses, and drivers license information.
ABC News is reporting that the databases also contained information on account activity such as call logs, that spouses of those with breached accounts may have sought access to the logs, and that criminals are paying for access to billing information.
A spokesperson for VHS, the parent company of Vodafone, denies that customer information has been made available online, stating:
“Customer information is stored on Vodafone’s internal systems and accessed through a secure web portal, accessible to authorised employees and dealers via a secure login and password. Any unauthorised access to the portal will be taken very seriously, and would constitute a breach of employment or dealer agreement and possibly a criminal offence. All passwords have been reset and a review is being undertaken of the training and process as an additional precaution.”
The statement seems to indicate that multiple parties had access to the information, including third-party business associates.
Vodafone has been struggling with quality and customer service issues, and is the target of a potential class-action that is gaining momentum.