Vodafone denies customer records publicly available on Internet – while seemingly acknowledging a breach
In response to allegations published yesterday of a serious security breach that may have left millions of Vodafone customers’ personal details and credit card information at risk, Vodafone announced that it is investigating the allegations but denies that customer records are publicly available on the Internet:
The AAP also reports:
The mobile phone company has reset all passwords for its web portal, used by employees and dealers.[…]
A Vodafone spokesman said the company was concerned to hear of the alleged breach.
“Vodafone’s customer details are not ‘publicly available on the internet’,” he said in a statement today.
“Customer information is stored on Vodafone’s internal systems and accessed through a secure web portal, accessible to authorised employees and dealers via a secure login and password.
Read more on news.com.au
But while Vodafone seems to be denying a breach – or at least some of the allegations – other coverage suggests that Vodafone has acknowledged that there has been a breach. Vienna Ma reports:
According to Vodafone chief executive Nigel Dews, the company was concerned to hear of the alleged breach, and an internal investigation is underway to work out who breached the system and how, and refer the matter to the Australian Federal Police if appropriate.
Vodafone has confirmed it believes its secure customer database has been breached by an employee or dealer who has shared the access password, revealing the personal details of millions of customers.
The mobile phone company has reset all passwords for its web portal, used by employees and dealers.
Dews said a full report will be delivered to him on Monday, but at this stage, he does not believe it is a widespread problem.
Read more on Trading Markets.
Peter Martin and Lucy Battersby also report that the breach denial is not a total denial:
‘It appears what has happened is that somebody shared a password,” Vodafone chief executive Nigel Dews told The Age. ”It appears to be a one-off breach and we have got out internal investigators looking into it right now. We reset our passwords last night and we are resetting them every 24 hours until that investigation is complete.”[…]
Mr Dews declined to say whether Vodafone kept logs of every access, saying he did not want to hand out information that could help hackers.
Read more in the Sydney Morning Herald.