Nearly 2,000 Vodafone customers 'open to fraud' after data breach


Nearly 2,000 Vodafone customers are "open to fraud" after hackers accessed their personal details, the company has revealed.

The mobile phone giant  said 1,827 accounts had been breached, potentially providing criminals with customers' names, mobile numbers, bank sort codes and the last four digits of their bank accounts.

The incident comes just over a week since telecoms giant TalkTalk said it had been subjected to a "significant and sustained" attack on its website, which prompted fears that millions of people may have had their bank details stolen.

Vodafone said an attempt had been made to access some of its customers' account details between midnight on Wednesday and midday on Thursday.

A spokesman for the firm said: "This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone.

"Vodafone's systems were not compromised or breached in any way."

An investigation was launched by the company before the National Crime Agency (NCA), Ofcom and the Information Commissioner's Office were informed on Friday evening.

Vodafone said its security protocols were "fundamentally effective" and no credit or debit card details were accessed.

A Vodafone spokesman said: "Our investigation and mitigating actions have meant that only a handful of customers have been subject to any attempts to use this data for fraudulent activity on their Vodafone accounts.

"The information obtained by the criminals cannot be used directly to access customers' bank accounts. However, this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts.

"These customers' accounts have been blocked and affected customers are being contacted directly to assist them with changing their account details."

Vodafone said it had alerted the banks and any other customers who are not contacted by the company today need not be concerned.

On Friday, TalkTalk said the cyber attack on its website was "significantly less than originally suspected" with fewer than 21,000 unique bank account numbers and sort codes accessed.

Two teenagers who were arrested over that incident - a 15-year-old boy from County Antrim in Northern Ireland and a boy aged 16 from Feltham in west London - were released on police bail.