Vodafone Germany has become the latest firm to find itself on the receiving end of a serious data breach after admitting that a hacker with inside knowledge has managed to steal the personal data of two million customers.
The server breach in early September compromised customer names, addresses, birth dates, and bank account numbers but not, thankfully, mobile numbers, PIN numbers and passwords or credit card details, the company said.
"Vodafone deeply regrets the incident and apologises to all those affected," Vodafone Germany said in a statement.
The company had “filed charges” against an unspecified individual it believed was connected to the attack that could only in its opinion have been carried out with intimate knowledge of its systems. That person’s home had been searched as part of the police investigation.
German media reports have claimed that the suspect worked for a contractor and not Vodafone itself, but this has not been confirmed.
The question of course is what damage has been done by a breach that is reminiscent of the infamous attack on Sony in 2011. Vodafone has warned of phishing attacks using the stolen email addresses, which will be a significant problem if they do occur; the attackers will be armed with first name and surname, often enough to catch consumers off guard.
“This attack is particularly surprising given strict German protection methods around auditing of data access and encryption of sensitive information,” said George Anderson, Senior Marketing Manager for endpoint security firm, Webroot
“The main concern now is potential phishing attacks aimed at Vodafone’s customers. Vodafone customers should change their security details on the accounts affected, by phone, just in case their PC is infected and run additional external security scans and checks on their PCs,” he advised.