Monday, 16 September 2013
Vodafone Acknowledges Serious Security Breach
Late last week it was learned that Vodafone Germany was the victim of a very serious security breach that compromised the personal information of more than 2 million customers. The German arm of the UK-based phone network acknowledged the security breach but claimed the potential damage was limited.
Exactly when the breach occurred is not clear. Vodafone officials say German authorities asked them immediately after discovering the breach not to publicly disclose it. They were afraid public disclosure might interfere with their investigation. Vodafone only acknowledged the problem last week once the police investigation was concluded.
According to company officials, the security breach was an inside job carried out by an employee who had knowledge regarding the most sensitive parts of the company's networking and data systems. The highly complex breach was so sophisticated that it would not have been something the average IT worker could have pulled off. Even so, that does not allay the fears of consumers worried their personal data may have been compromised.
The attack resulted in the perpetrator stealing names, addresses, dates of birth and some limited bank account information from internal network sources. However, Vodafone insisted the perpetrator did not gain access to credit card details, PINs and passwords, or mobile phone numbers. Nonetheless, the data that was stolen could be used for criminal purposes.
The good news is that the individual was identified and arrested. Furthermore, his home was searched and his assets seized. Vodafone is fairly confident they have contained the damage, saying in an official statement that customers have nothing to worry about at this point.
It should be noted that Vodafone operates in several countries throughout Europe including Greece, Ireland, Italy, and Spain. In Germany, the company has some 36 million customers. Vodafone officials say the attack involved only that German group. Customers in other countries have not been affected by the attack.
In this day and age of cloud computing, virtualisation, and global communications, this attack serves as a reminder that external security threats are not the only thing companies need to worry about. Internal security is just as important, if not more so.
In its own defence, Vodafone rightly asserted that it maintains ‘world-class security systems which are constantly updated and upgraded’. It would appear those same security systems also enabled them to quickly identify the most recent internal security breach so that the perpetrator could be apprehended quickly. Kudos to them for that.
At the same time, continued vigilance is an absolute must. As the world becomes more interconnected through the Internet and mobile devices, it becomes more and more likely that such internal attacks will increase. It is imperative for everyone in the industry to do whatever is necessary to strengthen security systems.
This should include things like better hardware and software, better infrastructure design, and improved operational protocols. Yet it also includes the ability of IT security experts to remain flexible to adapt quickly to whatever threats come their way...