Connect with us

Hi, what are you looking for?


Data Protection

Insider Steals Data of 2 Million Vodafone Germany Customers

Vodafone Germany said on Thursday that an attacker with insider knowledge had stolen the personal data of two million of its customers from a server located in Germany.

Vodafone Germany said on Thursday that an attacker with insider knowledge had stolen the personal data of two million of its customers from a server located in Germany.

“This criminal attack appears to have been executed by an individual working inside Vodafone,” the company said in a statement provided to SecurityWeek. “An individual has been identified by the police and their assets have been seized.”

The data accessed by the attacker includes customer names, addresses, gender, birth dates, bank account numbers and bank sort codes, the telecommunications giant said.

Vodafone LogoVodafone said credit card numbers, passwords, PINs, and mobile phone numbers were not exposed. No personal call information or browsing data was accessed by the attacker.

The company said the attack was discovered on September 5, but said authorities had requested that the breach remained under wraps while an investigation was conducted.

German news agency DPA reported that the suspect had worked for a contractor of the company and was not a Vodafone employee.

“This attack was only possible with high criminal energy, insider knowledge and found hidden deep in the company’s IT infrastructure instead,” Vodafone Deutschland said in an online statement translated from German.

The breach is limited to customers in Germany who will be notified by mail.

Advertisement. Scroll to continue reading.

Because the attack was conducted with insider knowledge, the company said it changed the passwords and certificates of all administrators, and completely re-installed (wiped) the affected server for security reasons.

The phone company did warn customers about possible Phishing attacks stemming from the breach, which could be used as a means to gather passwords and credit card information from customers.

Given the fact that the attackers have significant amounts of personal information, they have the ability to create highly customized phishing emails that could look legitimate.

Vodafone advised customers to take caution when receiving telephone or e-mail inquiries in which they are asked to hand over personal information such as passwords or credit card information.

“We have instructed independent security experts to advise on the potential implications for the individuals affected so we can offer them advice and take the best action to help them,” the company said. “In the absence of passwords, PINs or credit card details it is very unlikely that criminals would gain direct access to an individual’s bank account. However, there is a heightened risk that the criminals may request a fake direct debit application which would be immediately visible to the account holder and which could be immediately blocked or reversed under well-established banking protection measures.”

Vodafone said it would take all necessary steps to further improve the security of its systems to protect them from future criminal attacks.

This incident, along with recent headlines created by NSA leaker Edward Snowden, remind us that the insider threat is alive and well. However, while insiders are an important threat to protect against, Verizon’s 2013 Data Breach Incident Report (DBIR) showed that insiders accounted for only 14 percent of the data breaches included in the report.

Earlier this month, Verizon agreed to pay $130 billion to buy Vodafone out of its 45 percent stake in Verizon’s U.S. wireless business.

Related ReadingNetwork Security – Inside Out or Outside In?

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.