This weekend, Vodafone UK announced that around two thousand customer accounts were partially compromised during a system hack attack on Thursday morning. A Vodafone spokesman stated that the hackers may have been able to obtain account holders names, mobile numbers, bank sort codes and the last four digits of account numbers on 1,827 compromised accounts. Debit or credit card details were not stolen, but in the words of the Vodafone spokesman: “However, this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts.” The mobile telecommunications company has already started contacting all customers whose details may have been stolen and has explained that other customers have nothing to fear. If you are a Vodafone UK customer, it seems that no news is good news.
As to how the incident happened, the spokesman said: “This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone.” At present, there is no substantive evidence linking the Vodafone hack with the TalkTalk attack towards the end of October, during which some four million customer details were stolen plus card details on around twenty-one thousand individuals. Two teenagers have been arrested in connection with this hack. To date, Vodafone reports that a small number of accounts have seen any sign of fraudulent activity or access attempts to following the attack. It’s good to see Vodafone disclosing the attack and some details, which appears to have been of a result of criminals obtaining account login details rather than breaking in via another method.
However, with two cyber attacks on UK telecommunications businesses in a small number of days, it does raise a number of questions. One is that both TalkTalk and Vodafone have disclosed details of the attacks, does this mean that the other networks and businesses have seen similar attacks that were either unsuccessful? Or were any other hacking attempts successful and the carriers are weighing the data loss before disclosing details? We are unclear if the two attacks are merely a coincidence but if not, details are sure to emerge in the coming days. This is a developing story and we will update you with more news as and when it arrives, meanwhile it should also serve as a reminder that it is sensible to use different passwords for different accounts, to help prevent attacks such as this one being successful.