An insider targets two million Vodafone customers

One of the telecom company’s servers in Germany was hacked, providing access to personal information on individuals in the country who had applied for a new contract or account.

Spotted early by Engadget (via Bloomberg) Vodafone says the infiltration “appears to have been carried out by one of its own employees and that the police has already identified an individual and seized their assets.”

The episode was detected by Vodafone at the beginning of September.

The data exposed included the names, addresses, birthdate, gender, bank sort code and bank account numbers. Vodafone said credit card details, mobile phone numbers, passwords or PIN numbers were not obtained.

“In the absence of passwords, PINs or credit card details it is very unlikely that criminals would gain direct access to an individual’s bank account,” the company said. “However, there is a heightened risk that the criminals may request a fake direct debit application which would be immediately visible to the account holder and which could be immediately blocked or reversed under well-established banking protection measures.”

The company has already reached out to all individuals they believe to be affected.

ThreatWatch is a regularly updated catalog of data breaches successfully striking every sector of the globe, as reported by journalists, researchers and the victims themselves.