Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Insider Steals Data of 2 Million Vodafone Germany Customers

timothy posted 1 year,7 days | from the your-information-is-very-important-to-us-please-hold dept.

Businesses 40

wiredmikey writes "Vodafone Germany said on Thursday that an attacker with insider knowledge had stolen the personal data of two million of its customers from a server located in Germany. 'This criminal attack appears to have been executed by an individual working inside Vodafone,' the company said in a statement provided to SecurityWeek. 'An individual has been identified by the police and their assets have been seized.' The company said the attack was discovered on September 5, but said authorities had requested that the breach remained under wraps while an investigation was conducted. The data accessed by the attacker includes customer names, addresses, gender, birth dates, bank account numbers and bank sort codes, the telecommunications giant said. Vodafone said credit card numbers, passwords, PINs, and mobile phone numbers were not exposed, and no personal call information or browsing data was accessed."

cancel ×

40 comments

Sorry! There are no comments related to the filter you selected.

Phase 2 of Verizon's plan... (1)

Anonymous Coward | 1 year,7 days | (#44830863)

commencing.

Re:Phase 2 of Verizon's plan... (0)

Anonymous Coward | 1 year,6 days | (#44837595)

and what is the name of the vendor supposedly provided the work force here?

So much for DLP... (1)

Anonymous Coward | 1 year,7 days | (#44830881)

Vodafone have a group license for Symantec DLP - once again shown to be useless in the face of a determined data thief!

Re: So much for DLP... (0)

Anonymous Coward | 1 year,7 days | (#44832097)

Most data loss monitoring tools would have done a better job than DLP - with no where near the overhead on the systems. It's no coincidence that DLP software slows endpoints down - most of it is written by AV vendors!

Re: So much for DLP... (1)

cavtroop (859432) | 1 year,7 days | (#44833281)

DLP is not just on endpoints. There can also be appliances inspecting all outbound traffic (including SSL decryption if you want) and scanning all email, samba shares etc etc.

having said that, I've dealt with DLP, and it only catches the stupid ones. Anyone with a little knowledge can usually bypass DLP fairly easily.

http://pjmedia.com/instapundit/175771/ (-1)

Anonymous Coward | 1 year,7 days | (#44830891)

September 11, 2013

WASHINGTON POST: The Colorado recalls dealt a serious blow to gun-control advocates. Here’s why. “Something pretty remarkable happened in Colorado on Tuesday night. John Morse, the Democratic president of the state Senate, was recalled from office. So was Democratic state Sen. Angela Giron. Taken together, the losses arguably represent the biggest defeat for gun-control advocates since the push for expanded background checks failed in the U.S. Senate earlier this year. . . . It’s not every day that you see an incumbent recalled from office, let alone someone as high-profile as a state Senate president. The message the defeat of Morse and Giron sends to legislators all across the country is unmistakable: If you are thinking about pushing for new gun-control laws, you could face swift consequences.”

Well, when you try to deny people’s civil rights, there should be swift consequences.

UPDATE: Slow Learner: Wendy Davis Wants Double-Barreled Assault on Texans’ Gun Rights. “The Texas Democrats of ‘white primary’ infamy are lining up behind state Sen. Wendy Davis of Fort Worth as she mulls a run for governor. Texas has not elected a Democrat governor since 1990, and has not elected any Democrat to any statewide office in a generation. One would think that the Democrats in Texas would take a lesson from its decades of defeat and moderate toward the middle. That doesn’t seem to be in the cards.”

ANOTHER UPDATE: More from Dave Kopel. “It’s one thing for a deliberately polarizing legislator like Morse to lose a close race in a swing district. It’s quite another for Giron to lose by 12 points in a district that is 47% Democratic and 23% Republican. One reason is that in blue collar districts like Pueblo, there are plenty of Democrats who cling to their Second Amendment rights. As the Denver Post noted, 20% of the voters who signed the Giron recall petitions were Democrats.”

It's no big deal (1)

Anonymous Coward | 1 year,7 days | (#44830897)

Had it been the NSA stealing the data there wouldn't have been a problem nor arrests.

Re:It's no big deal (0)

cavreader (1903280) | 1 year,7 days | (#44831465)

And if Snowden was the one who stole the data you would call him a hero.

Re:It's no big deal (0)

Anonymous Coward | 1 year,7 days | (#44835579)

You don't steal data, you copy it.

So browsing history is 'saved'? (5, Insightful)

Skiron (735617) | 1 year,7 days | (#44830915)

Vodafone said credit card numbers, passwords, PINs, and mobile phone numbers were not exposed, and no personal call information or browsing data was accessed."

So, a simple statement that shoots one in the foot. They do save what users get up to on the web.

Re:So browsing history is 'saved'? (1)

lesincompetent (2836253) | 1 year,7 days | (#44830943)

They've simply mentioned it en passant, you're not supposed to notice, let alone complain about it.

Who's complaining? (1)

Skiron (735617) | 1 year,7 days | (#44830975)

I don't use Vodaphone - morse code for me.

Re:So browsing history is 'saved'? (1)

Em Adespoton (792954) | 1 year,7 days | (#44831231)

Please mod this up; it's important that people notice this detail.

Also interesting to note that they appear to be playing down the fact that the information required to withdraw money directly from a bank account or set up automatic payments was compromised. It doesn't really matter if your credit card was stolen when the account that the card gets paid off from is in the hands of the attackers. They can easily apply for NEW cards with this information.

Re:So browsing history is 'saved'? (1)

aix tom (902140) | 1 year,7 days | (#44832191)

Well to actually *withdraw* money they would either need my ID card (if they try to get it out of a human teller that doesn't know me personally) or my cash card and pin number (to get it at an ATM), too.

To set up automated payments they would either also convince a human teller that they are me, or log into an on-line banking account with the login credentials the don't have.

To apply for new cards the same thing.

They *could* of course pull money out of my account via direct debit, but then I would have 6 weeks to reverse the transfer.

"names, addresses, gender, birth dates, bank account numbers and bank sort codes" is (sans the birth date and gender) basically what is printed in most business letterheads anyway.

Re:So browsing history is 'saved'? (1)

Em Adespoton (792954) | 1 year,7 days | (#44832607)

If they've got your name, address, bank account number and sort code, they can write a check or automated payment in your name. They MAY need your mother's maiden name as well as your DOB as verification, so you may be protected via them not having the maiden name. But that's not too difficult to find when armed with the rest of that info.

I've never seen bank account and sort code printed in business letterhead; that move seems awfully risky. There's a reason banks recommend you not put your full name and address on your checks anymore; it's because all that information tied together is an excellent start point for identity theft.

Re:So browsing history is 'saved'? (1)

WoOS (28173) | 1 year,7 days | (#44832875)

they can write a check or automated payment in your name.

No cheques anymore in Germany (and the rest of Europe) for decades. We use bank transfers for which you either need login credetials for the internet access to the account or a somewhat similar looking signature for a written transfer form. And a scapegoat whose account you can use as the target account. So the GP is right. Not enough information to withdraw money or transfer it. Maybe the US is a bit behind in this ;-)

Re:So browsing history is 'saved'? (1)

qaz123 (2841887) | 1 year,7 days | (#44833091)

It's impossible in Europe to withdraw money from your account only knowing "name, address, bank account number and sort code".

Re:So browsing history is 'saved'? (0)

Anonymous Coward | 1 year,7 days | (#44832621)

They *could* of course pull money out of my account via direct debit, but then I would have 6 weeks to reverse the transfer.

Up to 13 months if they can't provide an authorization from you to withdraw the money.

But until you notice they can buy lots of stuff from Amazon with your account information.

Re:So browsing history is 'saved'? (1)

V for Vendetta (1204898) | 1 year,7 days | (#44831289)

[... ] or browsing data was accessed

My guess is that they're talking about proxy servers here, which isn't too uncommon for ISPs.

Re:So browsing history is 'saved'? (0)

Anonymous Coward | 1 year,7 days | (#44831675)

They listed all sorts of stuff that wasn't accessed ... so what was accessed?

Re:So browsing history is 'saved'? (1)

NotQuiteReal (608241) | 1 year,7 days | (#44831849)

Who cares about credit card numbers? That's a problem for the credit card companies. Losing my bank account numbers and bank sort codes would effect me.

The data was "stolen" (1)

fustakrakich (1673220) | 1 year,7 days | (#44830919)

The new euphemism for handed over by "request".

Wow (1)

return 42 (459012) | 1 year,7 days | (#44830949)

Somebody grabbed tons of personal data and it wasn't the NSA? Stop the presses!

Re:Wow (1)

Skapare (16644) | 1 year,7 days | (#44831233)

Who said it wasn't the NSA? Do you believe what you read on Slashdot.

'An individual ... their" (-1)

Anonymous Coward | 1 year,7 days | (#44831169)

'An individual has been identified by the police and their assets"

Typical German.

They, is not, an individual. This, from a German, what you get is. Learn to write American or don't write at all.

Re:'An individual ... their" (1)

Skiron (735617) | 1 year,7 days | (#44831565)

Learn to write American or don't write at all.

Uh Umm. It's called ENGLISH. Bastardised German is as bad as English (US).

Re:'An individual ... their" (0)

Anonymous Coward | 1 year,7 days | (#44831779)

"Their" is a possessive pronoun that is gender neutral. Since we don't know if the arrested individual was male or female using "their" is grammatically correct.

Re:'An individual ... their" (0)

Anonymous Coward | 1 year,7 days | (#44832215)

They're right in using their right there. But the thief is known (male), so his should have been used ... there.

Stolen? (0)

Anonymous Coward | 1 year,7 days | (#44831193)

Stolen? Or copied?

And yet again ... (2)

Skapare (16644) | 1 year,7 days | (#44831215)

... most businesses will accept this information as if it came from the original person, without really checking who it is coming from. And thus identity theft works ... not because the identity is taken, but because these businesses assume identity equals authorization.

Re:And yet again ... (0)

Anonymous Coward | 1 year,7 days | (#44833535)

... most businesses will accept this information as if it came from the original person, without really checking who it is coming from. And thus identity theft works ... not because the identity is taken, but because these businesses assume identity equals authorization.

Not so much in Europe.

FIRST POST (-1)

Anonymous Coward | 1 year,7 days | (#44831341)

a sad world. At correct netwo8k TCP/IP stack has before playing to hot on the heels of the bottoms butt up today! If you

mo3 0p (-1, Offtopic)

Anonymous Coward | 1 year,7 days | (#44831443)

Best thing (1)

rainer_d (115765) | 1 year,7 days | (#44831741)

They have an online form where you can check if your data was in the compromised lot. It requires to enter your bank- details...

That's so ..... fishy

Actually quite a feat (2)

gweihir (88907) | 1 year,7 days | (#44831751)

From what I hear from an insider, with the near-catastrophic state that Vodafone IT is in, getting this much data out is quite a feat.

That may also be how the caught him: Even more catastrophically bad response times ;-)

Re: Actually quite a feat (0)

Anonymous Coward | 1 year,7 days | (#44832155)

I've heard similar stuff - their security implementation programmes are nearly a year behind schedule, mainly down to someone thinking it would be a good idea to hire CLAS consultants to implement everything. Like THAT'S going to get done in a timely fashion!

Re:Actually quite a feat (0)

Anonymous Coward | 1 year,7 days | (#44834155)

As far as I know, customer data is still transported between various internal systems with USB drives. There are disparate, somewhat incompatible systems that are cobbled together in various ways. I'm not surprised at all that some subset of the customer data is easy to access/export.

Re:Actually quite a feat (1)

gweihir (88907) | 1 year,7 days | (#44835709)

Hehehe, that would explain it. My source did not have that information.

frist s7op (-1)

Anonymous Coward | 1 year,7 days | (#44832669)

However I don't Reciprocati8g leeson and was at the same

Misleading headline (1)

Hentes (2461350) | 1 year,6 days | (#44842193)

Insider Steals Data of 2 Million Vodafone Germany Customers

Walking out with that many people without getting noticed would've been quite a feat.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>