Vodafone Germany has announced that it has recently been subject to a highly sophisticated and illegal intrusion into one of its servers, which has resulted in the theft of a ‘limited’ amount of German customer data.
The attack appears to have been executed by individuals working inside Vodafone, who have been identified and are being questioned by police.
Vodafone says it has contacted all customers affected and is offering support to them to minimize the risk of identity theft. No other Vodafone market has been affected.
The criminals responsible have gained access to the names, addresses, birth date, gender, bank sort code and bank account numbers of approximately 2 million applications from individuals seeking to sign up with Vodafone Germany.
However, the criminals have not gained access to any credit card details, mobile phone numbers, passwords or PIN numbers. They have also not gained access to any personal call information or browsing data.
"We have instructed independent security experts to advise on the potential implications for the individuals affected so we can offer them advice and take the best action to help them. In the absence of passwords, PINs or credit card details it is very unlikely that criminals would gain direct access to an individual’s bank account," said Vodafone Germany.
"We are sending our sincere apologies to everyone affected for any disruption caused. The privacy of our customers and security of their data is our highest priority: Vodafone Germany has world-class security systems which are constantly updated and upgraded to block new emerging threats. However, this attack was highly complex and conducted with inside knowledge of our most secure internal systems."
