On Saturday, Vodafone UK told customers that attackers used information obtained from an external source to target customer accounts late last week. The attack was stopped, but not before 1,827 accounts were accessed.
The telecom says in an announcement that the external attack happened between midnight on Wednesday 28 October and midday on Thursday 29 October. An investigation was launched and the relevant government agencies (ICO, NCA) were notified on Friday.
"This incident was driven by criminals using email addresses and passwords acquired from an unknown source external to Vodafone. Vodafone’s systems were not compromised or breached in any way," Vodafone's announcement says.
The investigation showed that 1,827 customers had their accounts accessed. The data that was obtained included their name, mobile phone number, banking short code, and the last four digits of their bank account.
"No credit or debit card numbers or details were obtained. The information obtained by the criminals cannot be used directly to access customers’ bank accounts. However, this information does leave these 1,827 customers open to fraud and might also leave them open to phishing attempts," the announcement went on to say.
All of the access accounts have been blocked and the account owner will be contacted directly in order to change their account details. Vodafone says they've also contacted the impacted customer's banks to make them aware of the incident.
"We would like to make clear that only the 1,827 customers who will be notified today have been affected by this incident: no other customers need to be concerned," Vodafone stressed.
The source of the data used by the attackers isn't clear. Each day, stolen personal information is bought and sold by criminals on forums that exist in the shadier parts of the Internet for pennies on the dollar.
Often, consumers recycle their usernames and passwords, which lead to additional exposure when third-party services are accessed.
In related news, law enforcement made an arrest on Friday in relation to the TalkTalk data breach, the third in the case so far. Police say the 20-year-old was arrested in south Staffordshire on Saturday. His arrest came two days after the second arrest; a 16-year-old boy in Feltham. The first arrest came just days after the breach was announced.