Vodafone Australia is in hot water again over reports lax privacy standards have compromised the personal information of millions of its customers.
The private details - such as credit card details, drivers' license numbers, home addresses and call logs - of around four million Vodafone users are available through a freely-accessible website, the Sydney Morning Herald reported.
This site is protected only by password logins, which are made available to potentially thousands of people including employees at Vodafone retail stores and resellers, and are able to be freely passed around.
The Herald said it had learned of some criminal groups paying for access to the information, planning to use the details to extort some Vodafone customers. It also discovered instances where people have obtained logins to check up on their spouses via call logs.
Vodafone has confirmed it is investigating the alleged breaches.
Australian privacy commissioner Timothy Pilgrim is expected to consult with Vodafone about the issue today.
His office has the power to conduct an own-motion investigation, and even order that Vodafone pay compensation to affected customers – though it has never exercised that right before.
Vodafone Australia, already sweating in the spotlight over complaints of ongoing network outages and congestion, now also faces having breach of privacy claims added to a class-action lawsuit planned in response to the outages.
Law firm Piper Alderman has revealed it will send letters out to the thousands of Vodafone customers who have registered an interest in joining the legal action, and will add claims to the suit if the respondents can provide details of privacy breaches.