Mobile telco VHA this afternoon said it was investigating an alleged breach of its security which has reportedly seen customers’ personal information — including details of who they called and when — made available to some individuals who have gained password access to its internal customer database for its Vodafone brand.
The Sun-Herald reported this morning that each Vodafone store had a username and a password for access to the customer database — and that the login details may have been passed on to external sources.
A journalist for the Sun-Herald, “sitting in a western Sydney business” with a laptop and someone who knew the login, was able to access all of her personal details on the system — including her name, address, driver’s licence number, date of birth, PIN number and her entire call and SMS list.
A VHA spokesperson, however, denied the alleged breach meant customer details were “publicly available on the internet”, as the newspaper had reported.
“Customer information is stored on Vodafone’s internal systems and accessed through a secure web portal, accessible to authorised employees and dealers via a secure login and password,” they said. “Any unauthorised access to the portal will be taken very seriously, and would constitute a breach of employment or dealer agreement and possibly a criminal offence.”
The telco said it would be conducting a “thorough investigation of the matter” itself and would refer the issue to the Australian Federal Police if appropriate. In addition, the telco stipulated that it took customer information and data security extremely seriously and was concerned to hear about the alleged breach.
“All passwords have been reset and a review is being undertaken of the training and process as an additional precaution,” the telco said.
VHA’s director of customer service and experience, Cormac Hodgkinson, also posted a message on the company’s Vodafone blog, reassuring customers that their information wasn’t publicly available on the internet — and that it was actually available only via secure web portal.
The alleged security problems — if true — are just the latest in a string of issues at VHA in relation to its Vodafone brand. Over the past few months the company has faced a tsunami of complaints from users about drop-outs and patchy network access, that has resulted in one local law firm preparing to sue in the telco, in a class action attack which has already attracted some 9,000 interested customers.
The focus for the customer rage over the period has been Vodafail, a fledgling website set up by Sydneysider Adam Brimo to highlight his personal problems with Vodafone. Today, someone — presumably Brimo — posted an update on the site describing the alleged security problem as being “deeply concerning”.
“We believe it warrants a serious and prompt investigation by the Australian Communication and Media Authority,” wrote Vodafail.
“If you are concerned about the privacy of your personal information, we have set up a page detailing who you should contact to file a complaint. We aim to provide further updates on this situation as it develops. Vodafone has just emailed us stating that they have briefed all their staff on the situation and will be releasing more information.”