Vodafone alerts privacy watchdog

TOM PULLAR-STRECKER AND SIOBHAN DOWNES
Last updated 11:56 09/07/2014

Relevant offers

Industries

Competition watchdog says Sky merger rejection sets no precedents Sky TV boss says appealing merger ruling would be like having 'root canal work' Sweet spot for Kiwi travellers as competition hits air travel costs, Air NZ says Stand-down for employers who exploit migrants not enough: unions Tesla mania hits NZ: can we cope? Tensions boil over as Dunedin city leaders meet Cadbury bosses over factory closure Rejecting Sky/Vodafone merger a 'free hit' for competition watchdog Range Rover hints at sports car development Freight hub adds 300 jobs Sam Neill's from Dunedin and doesn't want you to buy Cadbury chocolate - ever again

Vodafone says it has informed the Privacy Commissioner about a data breach identified by a customer yesterday.

The customer said he had been able to access details of other people's Vodafone's accounts, including personal information, their internet usage and credit-card details by using a default password.

Vodafone spokeswoman Emma Carter said that according to its information it was possible only 24 fixed-line broadband accounts had been vulnerable. She denied credit-card information could have been compromised.

The customer said he called Vodafone's contact centre on Friday to alert it to the vulnerability and spent three "obnoxiously frustrating" hours on the phone trying to report the issue.

"It came to the point where their manager said they would call me on Monday but they didn't and I don't think they really understood the gravity of the situation," he said.

Carter said Vodafone investigated the issue overnight and identified a block of 100 fixed-line broadband accounts that were allocated the same initial activation password when their accounts were set up last month.

However, the company could not at this stage rule out the possibility there were more. Of the 100, 76 had changed their default password, she said.

Carter said Vodafone had now protected the remaining 24 accounts by resetting all the initial setup passwords on those accounts.

"We apologise for any concern this has caused our customers, and reassure them that it is not possible to access credit-card details or personal financial information," she said.

Vodafone mobile customers were not affected.

Charles Mabbett, a spokesman for the Privacy Commissioner, confirmed Vodafone had reported the incident and said it appeared to be responding appropriately.

Ad Feedback

- Stuff

Comments

Special offers

Featured Promotions

Sponsored Content