A hacker stole the names, addresses and bank account numbers of 2 million of Vodafone Germany's customers, the operator reported. Perhaps more worrisome, the hacker exploited insider knowledge of Vodafone's systems in order to access the information.
"This attack was only possible with the utmost criminal energy as well as insider knowledge and happened deep within the IT infrastructure of the company," Vodafone said, according to Reuters.
Details of the hack are unclear, including when it occurred and exactly which systems were accessed. Vodafone said that other customer information, including credit card numbers, phone numbers and passwords, were not compromised. "It is hardly possible to use the data to get direct access to the bank accounts of those affected," the operator said. Nonetheless, the carrier said it is alerting affected customers (Vodafone counts a total of 32 million customers in the country) and is warning them of potential phishing attacks seeking additional information.
Reuters reported that the investigation into the hack is focusing on a Vodafone sub-contractor with access to the carrier's administration systems and servers.
The hacking into Vodafone is the latest in a long and growing line of corporate security failures. For example, Sony's PlayStation Network was compromised in widely reported 2011 hack. In the telecommunication market, a hacker in 2010 exploited a security hole on AT&T's servers to obtain the e-mail addresses of more than 100,000 iPad users.
Further, the issue has taken on an added complexity following revelations by former National Security Agency contractor Edward Snowden that the U.S. agency has the ability to access a wide range of information, including phone records and the contents of emails, as well as break into smartphone operating systems.
Report: NSA can hack into Apple, Google and BlackBerry smartphone data
BlackBerry hacked? NSA, GCHQ reportedly break into BlackBerry calls, messages
UK operators blamed for phone hacking failings
$40B lost by telecoms operators from revenue leakage