31 Oct 2015

Vodafone customers at risk after hack

Nearly 2,000 of the mobile phone giant’s customers are “open to fraud” after hackers accessed their account details.

Vodafone logo (Getty)

Vodafone said 1,827 accounts had been breached, meaning criminals could get hold of customers’ names, mobile numbers, bank sort codes and the last four digits of their bank accounts.

The latest hacking incident comes just over a week after TalkTalk said it had been subjected to a “significant and sustained” attack on its website, sparking fears that millions of people may have had their bank details stolen.

Vodafone said the cyber-attack came between midnight on Wednesday and midday on Thursday.

A spokesman said: “This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone.

“Vodafone’s systems were not compromised or breached in any way.”

An internal investigation was launched before the National Crime Agency (NCA), Ofcom and the Information Commissioner’s Office were informed on Friday evening.

Vodafone said its security protocols were “fundamentally effective” and no credit or debit card details were accessed.

A spokesman added: “Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts.

“The information obtained by the criminals cannot be used directly to access customers’ bank accounts. However, this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts.

“These customers’ accounts have been blocked and affected customers are being contacted directly to assist them with changing their account details.”

Vodafone said it had alerted the banks and any other customers who are not contacted by the company today need not be concerned.

TalkTalk arrest

On Saturday police made a third arrest in connection with the alleged theft of data from TalkTalk.

Officers from the Met Police’s Cyber Crime Unite and the NCA executed a search warrant at an address in Staffordshire and arrested a 20-year-old man.

Two teenagers already arrested over that incident – a 15-year-old boy from County Antrim in Northern Ireland and a boy aged 16 from Feltham in west London – have been released on police bail.

TalkTalk said the cyber attack on its website was “significantly less than originally suspected” with fewer than 21,000 unique bank account numbers and sort codes accessed.