Vodafone Victim of Insider Breach
2 Million Customers Affected by IntrusionTelecommunications company Vodafone is notifying about 2 million of its customers in Germany of a breach of sensitive financial information after it verified a highly sophisticated intrusion into one of its servers by an insider.
See Also: OnDemand Webinar | Utilizing SIEM and MDR for Maximum Protection
"This attack was highly complex and conducted with inside knowledge of our most secure internal systems," according to a statement the company provided to Information Security Media Group. "An individual has been identified by the police and their assets have been seized."
The breach provided access to names, addresses, birth dates, bank sort codes (numbers used to route money transfers between banks) and bank account numbers for individuals seeking to sign up with Vodafone Germany, the company said.
No other Vodafone markets are affected by the breach.
The Insider Threat
In the wake of Edward Snowden's leaks of sensitive documents at the U.S. National Security Agency, "the Vodafone breach is another wake-up call that the most serious breaches involve insider threats and privileged users, or even advanced threats that leverage internal privileges to escalate attacks," says Eric Chiu, president and co-founder HyTrust, a security company.
"Only by implementing strong access controls ... as well as role-based monitoring can companies secure critical systems and data," he adds.
To help address the insider threat, organizations must improve the management of privileged access accounts to limit the amount of data system administrators can access and restrict some of their activities on the network, experts advise [see: Insider Threat: Limit Privileged Access].
Notification
Vodafone is contacting all affected individuals and providing support to minimize the risk of identity theft, according to its statement. "We have instructed independent security experts to advise us on the potential implications for the individuals affected so we can offer them the best action to help them."
The company said that once it learned about the incident, it contacted authorities and took steps to minimize the impact to customers in Germany.
"We were immediately told by the authorities that we must not disclose any details publicly to avoid compromising the active law enforcement investigation," Vodafone said. "As the first phase of that investigation has now concluded, we are now contacting all those individuals affected in cooperation with the authorities."
Vodafone is warning of a heightened risk that its customers could become victims of phishing attacks. The company is urging its customers to be on the lookout for any suspicious e-mails. It's also recommending that customers review their bank accounts.