Vodafone Germany has revealed
that customer data for more than two million accounts have been seized by hackers in a recent server intrusion. The theft, said to be an inside job, involved the names, addresses, date of birth, gender, bank sort code, and bank account numbers for a large chunk of its customer base, though Vodafone adds that credit card data, phone numbers, passwords, and call data was not accessed.
The carrier believes the intrusion to have been performed by an individual working within Vodafone Germany itself, and that police have already seized their assets, reports Bloomberg
. Though the attack allowed for some financial details to be pulled from the servers, the lack of card details, passwords, and PINs leads Vodafone to believe that criminals will not be able to access bank accounts. Vodafone still warns of the risk of phishing attacks and possible fake direct debit applications being sent to banks, though the latter "could be immediately blocked or reversed under well-established banking protection measures."
After discovering the attack and alerting German authorities, Vodafone was told to not publicly disclose the attack until the first phase of investigations had concluded. It is now in the process of alerting affected customers, and has also made arrangements for individuals to use an independent fraud protection service at no cost to them.
While the attack required insider knowledge, Vodafone assures that it only affects part of its 36 million German customers, and not those in other Vodafone regions, including its UK homeland.