The December 2022 issue of IEEE Spectrum is here!

Close bar

Vodafone Australia is facing even greater pressure from customers and government regulators after it was disclosed this weekend that personal details of as many as 4 million of its customers have been easily accessible to hackers. According to the Sydney Morning-Herald, the information that could be easily accessed includes customer names, home addresses, driver license numbers, credit card numbers, numbers dialed or texted as well as from where and when they were dialed or texted.

It has been alleged that pilfered information has already been used for spying on spouses and for blackmail purposes.

The information is a bit sketchy as I write this but apparently Vodafone customer information is accessible via a web portal used by Vodafone's mobile phone dealers. The passwords used by the dealers or by someone inside Vodafone supposedly have been widely passed around.

Vodafone disputes that there is a major customer information security breach, but also says that it has reset the password(s) to its web portal. Vodafone's CEO Nigel Dew has said that the reported incident was a "one-off breach," although it looks like from the reports coming out of Australia as a bit more than that.

The Sydney Morning Herald reports that Vodafone has been flooded with calls by angry customers worried about id theft.

As I mentioned last week, the law firm Piper Alderman was "registering potential clients" for a class action lawsuit against Vodafone for "calls dropping out, reception issues, poor data performance." At the end of last week, more than 12,500 customers had registered interest (up from 9,000 about a week before) in pursuing such a course of action. The law firm says now it may extend the lawsuit to include security breach issues as well.

The Office of the Privacy Commissioner is investigating the breach. What financial liability Vodafone faces for the breach is unclear, as there are contradictory reports about what the Privacy Commission can or cannot do. One report yesterday indicated that the Commissioner theoretically can direct Vodafone to compensate those individuals whose records have been exposed. If Vodafone cannot identify said individuals (say because it doesn't keep a detailed log of who logged into its customer accounts and specifically which accounts were accessed), the company could be facing calls for compensation to all 4 million of its customers.

However, another report today says the Commissioner's hands are tied, and Vodafone will not be penalized at all.

It will be interesting to see if this issue also engulfs Telstra, the largest telecommunication company in Australia. According to the Sydney Morning-Herald:

"[Telstra] is believed to use the same customer management system as Vodafone."

Stay tuned.

The Conversation (0)

Why the Internet Needs the InterPlanetary File System

Peer-to-peer file sharing would make the Internet far more efficient

12 min read
An illustration of a series
Carl De Torres

When the COVID-19 pandemic erupted in early 2020, the world made an unprecedented shift to remote work. As a precaution, some Internet providers scaled back service levels temporarily, although that probably wasn’t necessary for countries in Asia, Europe, and North America, which were generally able to cope with the surge in demand caused by people teleworking (and binge-watching Netflix). That’s because most of their networks were overprovisioned, with more capacity than they usually need. But in countries without the same level of investment in network infrastructure, the picture was less rosy: Internet service providers (ISPs) in South Africa and Venezuela, for instance, reported significant strain.

But is overprovisioning the only way to ensure resilience? We don’t think so. To understand the alternative approach we’re championing, though, you first need to recall how the Internet works.

Keep Reading ↓Show less