Press Release | 31 Oct 2015

UPDATE: STATEMENT ON UNAUTHORISED ACCOUNT ACCESS

Vodafone UK was subject to an attempt to access some customers’ account details between midnight on Wednesday 28 October and midday on Thursday 29 October. At that point we initiated a comprehensive investigation to fully understand the facts so that we could give any affected customers the best possible advice. We informed the National Crime Agency (NCA), the ICO and Ofcom of the issue on the evening of Friday 30 October.

This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone.  Vodafone’s systems were not compromised or breached in any way.

Whilst our security protocols were fundamentally effective, we know that 1,827 customers have had their accounts accessed, potentially giving the criminals involved:

  • The customer’s name;
  • their mobile telephone number
  • their bank sort code
  • the last 4 digits of their bank account

Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts.

No credit or debit card numbers or details were obtained. The information obtained by the criminals cannot be used directly to access customers’ bank accounts. However, this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts.

These customers’ accounts were all blocked on Friday evening and the affected customers have been contacted directly over the weekend to assist them with changing their account details.  We have already contacted the banks of affected customers to alert them to the situation and they are following established procedures in order to protect customers. We will also be loading customers’ details into the Credit Industry Fraud Avoidance Service (CIFAS) database, which will ensure that bank or mobile operators will make additional checks to avoid fraud.

We are now working with the NCA in support of their ongoing investigation.

We would like to make clear that only the 1,827 customers, who have all been contacted, have been affected by this incident: no other customers have been affected or need to be concerned, as the security of our customers’ data continues to one of our highest priorities.

About Vodafone UK

Vodafone UK is a technology communications company that connects people, businesses and devices to help our customers benefit from digital innovation. Our services span mobile, fixed-line connections, home and office broadband, and the Internet of Things (IoT).

We have a strong track record as a tech pioneer, making the UK’s first mobile phone call, sending the first text message, and making the UK’s first live holographic call using 5G in 2018. We were the first to start carrying live 5G traffic from a site in Salford, Greater Manchester and now have 5G in locations across Germany, Ireland, Italy, Spain as well as the UK. Meanwhile, our 4G network coverage currently reaches over 99% of the UK population.

Today, Vodafone serves more than 18 million mobile and fixed-line customers in the UK. Vodafone is the largest provider of full fibre in the UK – our superfast broadband services are now available to nearly 12 million homes across the UK.

Sustainability is also at the heart of what we do: as of 1 July 2021, 100% of the grid electricity we use in the UK is certified to be from renewable sources.

For more information about Vodafone UK, please visit: www.vodafone.co.uk.

Vodafone UK Media Relations

Telephone: +44 (0) 1635 693 693

Email: ukmediarelations@vodafone.com

Twitter: @VodafoneUKNews

Website: https://vodafone.co.uk/newscentre/

Vodafone Limited

Registered Office: Vodafone House, The Connection, Newbury, Berkshire RG14 2FN

Registered in England No: 1471587