14 DAY TRIAL // The Australian Privacy Commissioner has launched an investigation into Vodafone's data handling procedures after insufficient security measures led to unauthorized people accessing sensitive customer information.
Last weekend, the Sydney Morning Herald revealed that Vodafone's employees, retailers and dealers, have access to the company's customer database over the Internet.
The database contains information such as names, home addresses, driver's licence numbers, credit card details and even call logs for a number of 4 million customers.
There is reason to believe that passwords for Vodafone's Web portal got shared with unauthorized individuals, which is not all that surprising giving the large number of people - into the thousands - with access to it.
"I am concerned about the amount of personal information that may have been disclosed which could include sensitive information," Australia's Privacy Commissioner, Timothy Pilgrim, told The Age.
"For this reason I have opened an own motion investigation into the matter today. I have spoken with the chief executive of Vodafone and he has assured me of Vodafone's full co-operation," he added.'
Vodafone launched its own internal investigation into the matter and until the source of the breach is discovered the company is rotating all passwords every 24 hours, instead of every three months as it previously did.
However, while this ensures that any password leak is short lived, it doesn't technically prevent unauthorized access. Some form of IP-based control would probably be more appropriate, but would take time to implement.
The problem could be even bigger, as Telstra, the largest telecom provider in Australia, is rumored to use the same type of customer management system as Vodafone. The company declined to comment on the matter.
Roger Thompson, chief research officer at security vendor AVG, feels the danger. "One's mind wanders and wonders how many other businesses have a similar model, and therefore, how many other shoes are waiting to drop," he said.