Vodafone is the second British telecommunications company in two weeks to be on the receiving end of a serious hack.
Yet another UK telecom company has fallen victim to hackers.
Mobile network Vodafone said on Saturday that it was subject to a cyberattack on Wednesday and Thursday, with 1,827 customer accounts left exposed. This follows a “significant and sustained cyberattack” on UK broadband provider TalkTalk two weeks ago.
Police said on Sunday that they have arrested and bailed a third man in relation to the TalkTalk hack. The unnamed 20-year-old was arrested on suspicion of Computer Misuse Act offences at an address in Staffordshire, which has been searched by police. This follows the arrest of two teenage boys — one in London and one in Northern Ireland — and suggests that the attack was coordinated, rather than the work of a lone individual.
Vodafone says it has contacted affected customers to let them know that their names, mobile numbers, bank account sort codes and part of their account numbers might have been accessed by hackers.
TalkTalk and Vodafone are just the latest in a long list of companies targeted due to their storage of customer data. Such attacks render consumers powerless to control who can see their data and negatively impacts trust between companies and their customers. Data may be used against customers in a number of ways, with the ultimate goal of gaining access to their bank accounts, or creating new accounts and taking out loans under their names.
Victims of hacking can be the target of phishing calls and emails, which are designed to prise further personal information from them, explains Ryan Wilk, director at NuData Security, or their data can be sold onto third-party aggregators, who cross-reference it to build up full profiles.
“The creation of fraudulent accounts is on a sharp rise,” Wilk said. “Of the 500 million plus account creations we analyzed over a few months, more than 57 percent of them were flagged fraudulent and account creation fraud has risen over 100 percent since February of this year alone.”
Initially TalkTalk said that all of its 4 million customers might have been victims in the attack, but on Friday revised the number down to 1.2 million. This number refers to the customer email addresses, names and phone numbers. Of these customers, 21,000 unique bank account numbers and sort codes were exposed and 28,000 obscured credit and debit card details.
“On behalf of everyone at TalkTalk, I would like to apologise to all our customers,” said the company’s CEO Dido Harding in a statement. “We know that we need to work hard to earn back your trust and everyone here is committed to doing that.”
TalkTalk is offering 12 months of credit-monitoring alerts from Noddle to customers for free. It has also shared details of exposed bank accounts with the banks in question so that they can take action to protect affected customers, should anyone attempt to defraud them. The company continues to warn customers to watch out for scam phone calls and emails.
Detective Superintendent Jayne Snelgrove of London’s Metropolitan Police Cyber Crime Unit praised the way TalkTalk has handled the hack, saying that the company has “done everything right in bringing this matter to our attention as soon as possible.”
“Our success relies on businesses being open with us and each other about the threats they encounter,” she added.