Over 1,800 Vodafone customers have been exposed to potential identity fraud after hackers used email addresses and passwords obtained from elsewhere to access details stored in their personal accounts.
The firm claimed in a statement that its UK business was subject to attempted unauthorized accessing of customer accounts on 28 and 29 October.
Although the operator claimed its systems “were not compromised or breached in any way,” the attackers were able to access 1,827 accounts—presumably because their owners reused passwords from other, hacked accounts.
Details they made off with included names, mobile numbers, bank sort codes and last four digits of bank accounts.
It added:
“Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts.
No credit or debit card numbers or details were obtained. The information obtained by the criminals can not be used directly to access customers’ bank accounts. However, this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts.”
The affected accounts have now been blocked, and customers are being contacted directly to change their details.
The banks, as well as privacy watchdog the ICO, regulator Ofcom and the NCA have all been notified and Vodafone said it has also uploaded customer details into the Credit Industry Fraud Avoidance Service (CIFAS) database, to further bolster fraud prevention efforts.
The news comes as police arrested two more suspects in connection with a major data breach at UK ISP TalkTalk over the past few days.
After releasing a 15-year-old gamer on bail in Northern Ireland last week, police cuffed a 16-year-old from Feltham, west of London, on Friday.
Now a 20-year-old Staffordshire man has been arrested in connection with the incident, in which TalkTalk is now claiming only 1.2 million email addresses, names and phone numbers and 21,000 unique bank accounts and sort codes were compromised.