Telecommunications giant Vodafone has terminated an unspecified number of its employees in New South Wales following a privacy scandal that saw passwords and other personal data accessible through an internal portal.
Vodafone chief executive Nigel Dews said earlier this week the incident most likely occurred when a password only known to employees was given out.
This morning, Dews said the employees had been terminated and even the New South Wales police have been informed.
“We take data security and the storage of our customers’ information extremely seriously,” Dews said in a statement.
“We are conducting a thorough investigation of the incident and of our own security systems and processes and have taken immediate action.”
“Security can always be improved and the additional measures being implemented as a result of our review will increase security and further limit the risk of people doing the wrong thing.”
The number of employees involved, and the actual extent of their actions is yet unknown. While reports suggest these employees actually distributed passwords used for gaining access to an internal database, Vodafone was unavailable to clarify these matters before publication.
But despite the terminations, the incident is far from over. The Australian Privacy Commissioner revealed earlier this week it had started an investigation into the company. Dews says the company is cooperating fully with both the APC and the actions of New South Wales police.
The incident occurred when Vodafone staff allegedly gave out passwords that allowed access into a secure portal that contained private information including billing and credit card details.
However, Vodafone said this morning that it is untrue customers details were ever released publically on the internet. It also says security efforts have been increased during the last few days, with passwords being changed every 24 hours.
“Some of the initiatives we had already planned for this year are being brought forward and we will also be conducting an additional independent security review,” Dews said this morning.
“Vodafone is also reiterating that contrary to some reports, customer records are not publicly available or stored on the internet and credit card details held in our database are securely protected.”
The breach isn’t the first time telcos have lost control over customer data. Last year Telstra drew criticism after it sent thousands of letters to the wrong customers, revealing private billing details.
The breach has prompted calls from security experts for businesses to review their security procedures and make sure confidential data is properly protected.
Comments