Mobile telecoms giant Vodafone has confirmed that it has become the latest company to suffer a data breach, admitting that details on just shy of 2,000 customers have been accessed by persons unknown.
In a statement
released this weekend, Vodafone described the attack on its systems as 'an attempt to access some customers’ account details between midnight on Wednesday 28 October and midday on Thursday 29 October.
' The attack, however, was not a breach on Vodafone's internal network itself: rather, the company has placed the blame at the feet of the users themselves, claiming that 'this incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone
' - likely gathered as the result of a phishing expedition.
Reviewing the attack, Vodafone discovered the persons unknown had made off with the details of 1,827 customers, including: name, mobile telephone number, bank sort code, and the last four digits of their bank account, which can be correlated with the usernames and passwords the ne'er-do-wells had already obtained to access the site. Payment details beyond the partially-redacted bank account numbers were not accessed, Vodafone has claimed, but the company admits that 'this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts.
The company has blocked all affected accounts and contacted those customers whose details were accessed, and is working with the National Crime Agency, the Information Commissioner's Office, and Ofcom to investigate the attack.