Insider Steals Data of 2 Million Vodafone Germany Customers 40
wiredmikey writes "Vodafone Germany said on Thursday that an attacker with insider knowledge had stolen the personal data of two million of its customers from a server located in Germany. 'This criminal attack appears to have been executed by an individual working inside Vodafone,' the company said in a statement provided to SecurityWeek. 'An individual has been identified by the police and their assets have been seized.' The company said the attack was discovered on September 5, but said authorities had requested that the breach remained under wraps while an investigation was conducted. The data accessed by the attacker includes customer names, addresses, gender, birth dates, bank account numbers and bank sort codes, the telecommunications giant said. Vodafone said credit card numbers, passwords, PINs, and mobile phone numbers were not exposed, and no personal call information or browsing data was accessed."
Phase 2 of Verizon's plan... (Score:1)
commencing.
So much for DLP... (Score:1)
Vodafone have a group license for Symantec DLP - once again shown to be useless in the face of a determined data thief!
Re: (Score:1)
DLP is not just on endpoints. There can also be appliances inspecting all outbound traffic (including SSL decryption if you want) and scanning all email, samba shares etc etc.
having said that, I've dealt with DLP, and it only catches the stupid ones. Anyone with a little knowledge can usually bypass DLP fairly easily.
It's no big deal (Score:1)
Had it been the NSA stealing the data there wouldn't have been a problem nor arrests.
Re: (Score:1)
And if Snowden was the one who stole the data you would call him a hero.
So browsing history is 'saved'? (Score:5, Insightful)
So, a simple statement that shoots one in the foot. They do save what users get up to on the web.
Re: (Score:2)
Who's complaining? (Score:2)
Re: (Score:1)
Please mod this up; it's important that people notice this detail.
Also interesting to note that they appear to be playing down the fact that the information required to withdraw money directly from a bank account or set up automatic payments was compromised. It doesn't really matter if your credit card was stolen when the account that the card gets paid off from is in the hands of the attackers. They can easily apply for NEW cards with this information.
Re: (Score:1)
Well to actually *withdraw* money they would either need my ID card (if they try to get it out of a human teller that doesn't know me personally) or my cash card and pin number (to get it at an ATM), too.
To set up automated payments they would either also convince a human teller that they are me, or log into an on-line banking account with the login credentials the don't have.
To apply for new cards the same thing.
They *could* of course pull money out of my account via direct debit, but then I would have 6 w
Re: (Score:1)
If they've got your name, address, bank account number and sort code, they can write a check or automated payment in your name. They MAY need your mother's maiden name as well as your DOB as verification, so you may be protected via them not having the maiden name. But that's not too difficult to find when armed with the rest of that info.
I've never seen bank account and sort code printed in business letterhead; that move seems awfully risky. There's a reason banks recommend you not put your full name an
Re: (Score:2)
they can write a check or automated payment in your name.
No cheques anymore in Germany (and the rest of Europe) for decades. We use bank transfers for which you either need login credetials for the internet access to the account or a somewhat similar looking signature for a written transfer form. And a scapegoat whose account you can use as the target account. So the GP is right. Not enough information to withdraw money or transfer it. Maybe the US is a bit behind in this ;-)
Re: (Score:1)
Re: (Score:2)
My guess is that they're talking about proxy servers here, which isn't too uncommon for ISPs.
Re: (Score:2)
The data was "stolen" (Score:1)
The new euphemism for handed over by "request".
Wow (Score:2)
Somebody grabbed tons of personal data and it wasn't the NSA? Stop the presses!
Re: (Score:2)
Who said it wasn't the NSA? Do you believe what you read on Slashdot.
Re: (Score:2)
Learn to write American or don't write at all.
Uh Umm. It's called ENGLISH. Bastardised German is as bad as English (US).
And yet again ... (Score:3)
... most businesses will accept this information as if it came from the original person, without really checking who it is coming from. And thus identity theft works ... not because the identity is taken, but because these businesses assume identity equals authorization.
Best thing (Score:2)
That's so ..... fishy
Actually quite a feat (Score:3)
From what I hear from an insider, with the near-catastrophic state that Vodafone IT is in, getting this much data out is quite a feat.
That may also be how the caught him: Even more catastrophically bad response times ;-)
Re: (Score:2)
Hehehe, that would explain it. My source did not have that information.
Misleading headline (Score:2)
Insider Steals Data of 2 Million Vodafone Germany Customers
Walking out with that many people without getting noticed would've been quite a feat.