Almost 2,000 Vodafone customers may be open to fraud after their personal details were accessed, the company said. Criminals used customer details gained from "an unknown source" to try to access accounts between Wednesday and Thursday, the company said.
Vodafone UK was subject to an attempt to access some customers’ account details between midnight on Wednesday 28 October and midday on Thursday 29 October, according to the company.
Vodafone initiated an investigation and informed the National Crime Agency (NCA), the ICO and Ofcom of the issue on the evening of Friday 30 October.
This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone. Vodafone’s systems were not compromised or breached in any way.
The company said that 1,827 customers have had their accounts accessed, potentially giving the criminals involved:
- The customer’s name;
- their mobile telephone number
- their bank sort code
- the last 4 digits of their bank account
The company's investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts.
No credit or debit card numbers or details were obtained. The information obtained by the criminals can not be used directly to access customers’ bank accounts. However, this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts.
These customers’ accounts have been blocked and affected customers are being contacted directly to assist them with changing their account details. Vodafone has contacted the banks of affected customers to alert them to the situation and they are following established procedures in order to protect customers.
Last week broadband, TV, mobile and fixed-line service provider TalkTalk said it had been hacked, potentially putting the private details of its 4 million customers into the hands of criminals. Less than 21,000 unique bank account numbers and sort codes had been accessed. Two teenagers have been arrested in connection with that attack.