Vodafone UK was subject to an attempt to access some customers’ account details between midnight on Wednesday 28 October and midday on Thursday 29 October. At that point we initiated a comprehensive investigation to fully understand the facts so that we could give any affected customers the best possible advice. We informed the National Crime Agency (NCA), the ICO and Ofcom of the issue on the evening of Friday 30 October.
This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone. Vodafone’s systems were not compromised or breached in any way.
Whilst our security protocols were fundamentally effective, we know that 1,827 customers have had their accounts accessed, potentially giving the criminals involved:
- The customer’s name;
- their mobile telephone number
- their bank sort code
- the last 4 digits of their bank account
Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts.
No credit or debit card numbers or details were obtained. The information obtained by the criminals cannot be used directly to access customers’ bank accounts. However, this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts.
These customers’ accounts were all blocked on Friday evening and the affected customers have been contacted directly over the weekend to assist them with changing their account details. We have already contacted the banks of affected customers to alert them to the situation and they are following established procedures in order to protect customers. We will also be loading customers’ details into the Credit Industry Fraud Avoidance Service (CIFAS) database, which will ensure that bank or mobile operators will make additional checks to avoid fraud.
We are now working with the NCA in support of their ongoing investigation.
We would like to make clear that only the 1,827 customers, who have all been contacted, have been affected by this incident: no other customers have been affected or need to be concerned, as the security of our customers’ data continues to one of our highest priorities.