Unauthorized access to a Vodafone employee resulted in the disclosure of personal and banking details of a “limited number” of customers of the telecommunications company in Spain, which has already notified those involved by text message or email.
“Unauthorized access to data of a Vodafone employee was detected, compromising personal and banking details of a limited number of customers, who were notified by text message or email,” the National Cybersecurity Institute (Incibe) said.
The data in question, which does not contain access passwords, is linked to corporate accounts and their authorized and private users, but not to prepaid customers.
According to Efe, the accessible data includes the name, identification or tax number, contact number, email address and bank account of those affected or of customers of the affected company, in addition to the telephone number in the case of individuals.
Vodafone explained that as soon as it became aware of the incident, it began working with the employee to stabilize the situation and activate the necessary strengthening measures in the IT systems.
It implemented existing external and internal protocols, including communication with those potentially affected, as well as notification to the Spanish Data Protection Agency (AEPD) and Incibe, which classified the incident with a level of high importance (four out of five).
Incibe confirmed that the affected entities have stabilized the situation and activated all necessary reinforcement and security measures to limit possible damage.
Both Vodafone and Incibe have issued a series of recommendations to affected users, such as not visiting websites that are not secure and do not provide personal information.
Source: DN
