Over 1,800 Vodafone UK accounts are suspected of being compromised by an intrusion that was reported on Friday, Oct. 30. The unauthorized access may have granted hackers access to customer's names, mobile phone numbers, bank sort codes and the last four digits of their bank accounts.
In total, 1,827 accounts were compromised as a result of the intrusion that has hit the Communications Company between Oct. 27 and 28, but Vodafone says hackers were only able to use stolen information from "a handful of customer accounts." Thanks to the company's mitigation efforts.
Those mitigation efforts included blocking the affected accounts and working with customers directly to have the associated banking details changed.
"We have already contacted the banks of affected customers to alert them to the situation and they are following established procedures in order to protect customers," says Vodafone. "It is not necessary for customers to contact their bank directly to inform them of the incident."
Vodafone -- which offers text, voice, data and fixed communications services -- didn't suffer a direct hit to its systems. The hackers behind the attack used passwords and email address sourced from outside of Vodafone's systems, the company said.
While identifying bank details were netted in the intrusion, Vodafone says no credit or debit card numbers were taken as a result of the incident.
"The information obtained by the criminals cannot be used directly to access customers' bank accounts," says Vodafone. "However, this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts."
Vodafone reported the intrusion to the National Crime Agency, Information Commissioner's Office and communications regulator Ofcom.
There is the suspicion that this intrusion was encouraged by remarks made a representative of TalkTalk, a mobile virtual network operator that leverages Vodafone's infrastructure to provide its own communications services.
The TalkTalk representative mentioned, on Twitter, that some of its customer accounts weren't encrypted, though the security flaw fell under the jurisdiction of partner Carphone Warehouse.
That bit of info led to an attack on TalkTalk that compromised 1.2 million email addresses and phone numbers, along with about 21,000 bank account numbers. The attack on Vodafone customers may just be the latest domino to fall as a result of that accidental tip to hackers.
