Almost 2,000 Vodafone customers may be open to fraud after their personal details were accessed.
Criminals used customer details gained from “an unknown source” to try to access accounts between Wednesday and Thursday, the company said.
The telecommunications giant said 1,827 customers had their accounts accessed, with criminals potentially gaining their names and some bank details.
But it insisted its systems had not been breached.
Vodafone said its investigation and “mitigating actions” meant only a “handful” of customers had been subject to any fraudulent attempts to use their data.
Security ‘fundamentally effective’
It comes just over a week after the phone and broadband provider TalkTalk was subjected to a cyber attack in which personal and banking details may have been accessed by hackers.
Vodafone said its security protocols had been “fundamentally effective”, but the criminals had potentially gained customers’ names, their mobile phone numbers, bank sort codes and the last four digits of their bank account numbers.
What should those affected do?
Vodafone says it has notified the 1,827 affected customers and there is no need for other customers to be concerned.
Those who are affected should:
- Get in touch with their banks so that further action can be taken to protect their accounts
- Be aware of phishing emails – messages sent by criminals that appear to be from a trusted source and seek to gain personal details
- Similarly, avoid giving out private details such as banking passwords, login details or account numbers
- Report any unusual activity on your accounts to your bank and, if you are in England, Wales or Northern Ireland, to the national fraud and internet crime reporting centre Action Fraud on 0300 123 2040 or www.actionfraud.police.uk. If you are in Scotland, call Police Scotland
- Get a credit report to alert you of any key changes on your credit file which could indicate fraudulent activity
The company said the details could not be used to access customers’ bank accounts but the information meant they could be at risk of fraud or phishing attempts – the practice of sending emails purporting to be from reputable companies.
The BBC’s technology correspondent Rory Cellan-Jones said the email addresses and passwords criminals used to try to access Vodafone accounts appeared to have been bought on the dark web.
A Vodafone spokesman said the affected Vodafone accounts had been blocked and their banks notified.
The National Crime Agency, the Information Commissioner’s Office and Ofcom have been notified of the incident, Vodafone added.