The Australian Privacy Commissioner, Timothy Pilgrim, has been tasked with investigating Vodafone’s latest security breach and will meet with the telco later today.
The Sunday Age revealed that Vodafone had made the personal details of millions of customers available to dealers via the Internet, rather than a private intranet. The article alleged that criminal organisations had used the information to intimidate enemies.
The information was not available to the general public and passwords as well as log in details were required to access customer details. These included when and where calls were made as well as the destination numbers.
Pilgrim said he’d conveyed his concerns in a phone conversation with Vodafone CEO, Nigel Dews, earlier today. He said the investigation would now wait for a preliminary report from the telco on the issue, which is due within the 24 hours.
“Based on the allegations, I’m concerned there may have been a breach of quite a bit of information,” he said. “[Dews] assured me of full cooperation in trying to resolve this matter as quickly as possible,” he said. “We don’t know the details of the breach at this stage…[Vodafone’s report] will determine the extent of any follow-up investigative work that we need to undertake.”
Pilgrim also said he hoped telcos would allow customers with security concerns to remove their details from easily breached databases.
“The Privacy Act stipulates that all organisations must take appropriate steps to ensure the security of any personal information they hold,” he said. “We would expect that regardless of the medium…the information would be secured so that it can’t be accesses by people by people who have no rights to be seeing it.
“If people are feeling threatened at all by other parties, my advice is that they should be going to the police as well as Vodafone.”
The news comes as the embattled mobile carrier continues to face a potential class action suit from law firm, Piper Alderman, and around 9000 customers due to poor call/Internet quality and customer service.