Security Experts:

Connect with us

Hi, what are you looking for?


Data Protection

Insider Steals Data of 2 Million Vodafone Germany Customers

Vodafone Germany said on Thursday that an attacker with insider knowledge had stolen the personal data of two million of its customers from a server located in Germany.

Vodafone Germany said on Thursday that an attacker with insider knowledge had stolen the personal data of two million of its customers from a server located in Germany.

“This criminal attack appears to have been executed by an individual working inside Vodafone,” the company said in a statement provided to SecurityWeek. “An individual has been identified by the police and their assets have been seized.”

The data accessed by the attacker includes customer names, addresses, gender, birth dates, bank account numbers and bank sort codes, the telecommunications giant said.

Vodafone LogoVodafone said credit card numbers, passwords, PINs, and mobile phone numbers were not exposed. No personal call information or browsing data was accessed by the attacker.

The company said the attack was discovered on September 5, but said authorities had requested that the breach remained under wraps while an investigation was conducted.

German news agency DPA reported that the suspect had worked for a contractor of the company and was not a Vodafone employee.

“This attack was only possible with high criminal energy, insider knowledge and found hidden deep in the company’s IT infrastructure instead,” Vodafone Deutschland said in an online statement translated from German.

The breach is limited to customers in Germany who will be notified by mail.

Because the attack was conducted with insider knowledge, the company said it changed the passwords and certificates of all administrators, and completely re-installed (wiped) the affected server for security reasons.

The phone company did warn customers about possible Phishing attacks stemming from the breach, which could be used as a means to gather passwords and credit card information from customers.

Given the fact that the attackers have significant amounts of personal information, they have the ability to create highly customized phishing emails that could look legitimate.

Vodafone advised customers to take caution when receiving telephone or e-mail inquiries in which they are asked to hand over personal information such as passwords or credit card information.

“We have instructed independent security experts to advise on the potential implications for the individuals affected so we can offer them advice and take the best action to help them,” the company said. “In the absence of passwords, PINs or credit card details it is very unlikely that criminals would gain direct access to an individual’s bank account. However, there is a heightened risk that the criminals may request a fake direct debit application which would be immediately visible to the account holder and which could be immediately blocked or reversed under well-established banking protection measures.”

Vodafone said it would take all necessary steps to further improve the security of its systems to protect them from future criminal attacks.

This incident, along with recent headlines created by NSA leaker Edward Snowden, remind us that the insider threat is alive and well. However, while insiders are an important threat to protect against, Verizon’s 2013 Data Breach Incident Report (DBIR) showed that insiders accounted for only 14 percent of the data breaches included in the report.

Earlier this month, Verizon agreed to pay $130 billion to buy Vodafone out of its 45 percent stake in Verizon’s U.S. wireless business.

Related ReadingNetwork Security – Inside Out or Outside In?

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.


Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...