Original URL: http://www.theregister.co.uk/2011/01/13/vodafone_response_privacy_breach/

Vodafone sacks login leakers

Insiders less secure than Internet, apparently

By Richard Chirgwin

Posted in Broadband, 13th January 2011 23:15 GMT

Vodafone has dismissed “a number of staff” following the misuse of login credentials that allowed unauthorized access to a Web portal meant to be accessible only to its employees and those of its resellers.

The data breach, misinterpreted as customer details being published on the Internet by a number of Australian media outlets earlier in the week, led to accusations that customer data such as credit card numbers was being stolen, and that people were misusing customer data to spy on individuals.

In an announcement made on Thursday, Vodafone re-stated that “customer records are not publicly available or stored on the Internet”.

The company says it is continuing to review its data security.

Questions will, however, remain. As pointed out to The Register by ANU professor and Australian Privacy Foundation chair Dr Roger Clarke, Vodafone will have to satisfy organizations like the Australian Privacy Commissioner that the portal used by staff and partners doesn’t provide access to more customer data than they need to carry out their normal functions. ®