Vodafone has said in a media statement that it has terminated several employees in response to revelations by a Sydney newspaper that customer data were publicly available on the internet and compromised.
The company has also said that it has referred the matter to the New South Wales Police.
“We take data security and the storage of our customers’ information extremely seriously,” Nigel Dews, CEO of Vodafone Hutchison Australia – its parent company in Australia – said. “We are conducting a thorough investigation of the incident and of our own security systems and processes and have taken immediate action.”
The company is also conducting a review of its security systems.
“Security can always be improved and the additional measures being implemented as a result of our review
will increase security and further limit the risk of people doing the wrong thing. Some of the initiatives we
had already planned for this year are being brought forward and we will also be conducting an additional
independent security review.”
Sydney’s Sun-Herald newspaper revealed on January 9 that the company’s customer database was accessible on the internet and that several employees had used the system to track SMS messages and call logs of their partners. Even worse was that usernames and passwords to the system were in the hands of criminal gangs.
“I was surprised at how quickly and easily the customer database could be opened from anywhere by someone unconnected to Vodafone. I could see my full name, address, driver’s licence number, date of birth, the pin number to access and change details on my Vodafone account,” the investigative journalist wrote in a piece for the paper.
The Privacy Commissioner has said that it will be investigating the breach, and Vodafone is cooperating with their investigation.