Vodafone hacker accesses banking data of two million customers in Germany

Vodafone has confirmed that hackers have accessed its servers in Germany, gaining access to personal information and bank details of approximately two million customers. The operator says the breach was a "highly sophisticated and illegal intrusion" that it believes was masterminded by an insider -- and indeed a suspect has already been identified and handed over to police. It's not often you hear about a successful raid on a mobile operator, which is why Vodafone believes it could only have been conducted by someone with an "inside knowledge of [its] most secure internal systems." Vodafone customers outside of Germany aren't affected, and those inside the country should already have been contacted. The company says credit card information, mobile phone numbers, passwords and PIN numbers were not accessed in the attack, although Vodafone is warning customers to be especially vigilant about potential phishing attacks in the future.

Show full PR text

Vodafone Germany response to security incident

Vodafone Germany announces that it has recently been subject to a highly sophisticated and illegal intrusion into one of its servers in Germany, which has resulted in the theft of a limited amount of German customer data. This criminal attack appears to have been executed by an individual working inside Vodafone. An individual has been identified by the police and their assets have been seized.
Vodafone has contacted all individuals affected and is providing all support necessary to minimise the risk of identity theft. The incident only affects those individuals who have been contacted by Vodafone Germany. No other Vodafone market is affected.

The criminals responsible have gained access to the names, addresses, birth date, gender, bank sort code and bank account numbers of approximately 2 million applications from individuals seeking to sign up with Vodafone Germany. Importantly, the criminals have not gained access to any credit card details, mobile phone numbers, passwords or PIN numbers. They have also not gained access to any personal call information or browsing data.

We have instructed independent security experts to advise on the potential implications for the individuals affected so we can offer them advice and take the best action to help them. In the absence of passwords, PINs or credit card details it is very unlikely that criminals would gain direct access to an individual's bank account. However, there is a heightened risk that the criminals may request a fake direct debit application which would be immediately visible to the account holder and which could be immediately blocked or reversed under well-established banking protection measures.

There is also a heightened risk that customers could be the victim of a 'phishing' attack under which criminals use personal information in a fake email to trick people into supplying further information online such as passwords or credit card numbers.

We recommend that customers remain vigilant when asked for their personal information from an unknown party, be wary of any emails, calls or texts which warn of account problems, and ensure they regularly check for unauthorised direct debits from their bank account. We have also made arrangements for individuals to use an independent fraud protection service at no cost to them.

As soon as we discovered the incident we took all necessary steps to stop the attack, minimise any adverse impact for our customers and notify all relevant German authorities. We were immediately told by the authorities that we must not disclose any details publicly to avoid compromising the active law enforcement investigation. As the first phase of that investigation has now concluded, we are now contacting all those individuals affected in cooperation with the authorities.

We are sending our sincere apologies to everyone affected for any disruption caused. The privacy of our customers and security of their data is our highest priority: Vodafone Germany has world-class security systems which are constantly updated and upgraded to block new emerging threats. However, this attack was highly complex and conducted with inside knowledge of our most secure internal systems.

Concerned customers should visit: