A hack on a Vodafone Germany server has exposed the personal details – including banking information – of two million of its customers.
Hackers accessed names, addresses, bank account numbers and dates of birth. Phone numbers, credit card details and passwords are thought to be safe, but the leaked information is still pretty extensive and ample fodder for follow-up phishing attacks.
It's unclear when the breach took place, but it appears to have involved a successful compromise of an internal server on Vodafone's network. The German arm of the British mobile giant went public with the problem and began notifying customers on Thursday after first reporting the incident to German police.
In a statement (in Deutsch) expressing regret over the incident and promising to inform customers, Vodafone.de said that police have identified an unnamed suspect and carried out a search.
Vodafone's German subsidiary promised to beef up the security of its systems to help guard against future attacks. "This case concerns only Vodafone Germany, other countries are not affected," it said, according to a Google translation of the mobile operator's statement on the security flap. "It is virtually impossible to use the data to get directly access to the bank accounts of those affected," Vodafone told Reuters. ®