According to Vodafone’s press release, around 2000 of their customers have been affected. Their personal information was accessed by hackers, who broke into the accounts last week. They “initiated a comprehensive investigation to fully understand the facts so that they could give any affected customers the best possible advice. They informed the National Crime Agency (NCA), the ICO and Ofcom of the issue on the evening of Friday 30 October.”
The information accessed involved:
- The customer’s name;
- their mobile telephone number
- their bank sort code
- the last 4 digits of their bank account
Luckily no credit and debit card numbers were obtained, so the stolen information cannot be used to get into the victims’ bank accounts – at least not directly.
Now, how could something like that happen? Was it Vodafone‘s fault? The telecommunication company says ‘no’. The release clearly states that “this incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone. Vodafone’s systems were not compromised or breached in any way.”
That basically means that the victims most likely used the same password on another website that got hacked at one point in the past. Vodafone blocked all compromised accounts on Friday and contacted the affected customers.
The moral of the story? Don’t reuse your passwords.