According to a report in the Sydney Morning Herald (SMH), the cellco has terminated its business relationships with Communications Direct over alleged customer database misuse.
As widely reported earlier this month, Vodafone Australia sacked a number of employees over a serious data security breach that reportedly released the details of Vodafone customers to unauthorised third parties.
A statement from the cellco made in the middle of January said it had contacted the police to assist in investigations, as well as undertaking a review of IT systems security, processes and training.
The SMH claims that Communications Direct was Vodafone's largest premium partner, but also claims to have received internal emails that showed senior managers instructing employees to impersonate customers and exploit the dealer's privileged access to the cellco's database.
"Once a sale had been made, Communications Direct... would allegedly then call Vodafone and pose as the customer, asking for their original account to be disconnected. This would then allow Comms Direct to sign the customer on with a completely new account, earning it double the commission from Vodafone", said the paper.
The ruse unravelled, it seems, when some customers who signed up to Vodafone plans through Comms Direct unwittingly ended up with multiple bills and multiple charges when the dealer allegedly failed to cancel their original accounts.
"Comms Direct staffers were separately claimed to have breached privacy by forwarding detailed customer call records outside the company", says the newspaper.
The paper adds that Vodafone Australia said that it terminated its dealer arrangement with Communications Direct on Friday, the day that the SMH published the allegations, "due to alleged business practices that breached the terms of its dealer agreement".
The Australian Privacy Commissioner is now reported to be investigating what appears to be a major breach of the country's privacy laws, not to mention other potentially more serious issues that the police are also looking into.
The affair could prove to be highly embarrassing for Vodafone, as Australian press reports suggest dealer staff were accessing customer records using shared login details, and with passwords such as "password1" for the facility.