Jan 13, 2011 15:53 GMT
Vodafone Australia fired employees and handed evidence to police after data breach

Vodafone Australia is continuing its investigation into the recent breach of customer data, but so far the findings have led to the firing of several employees and the involvement of the New South Wales Police.

In a press release issued today, the company notes that its review of IT systems and procedures has already resulted in several changes being made.

"We take data security and the storage of our customers' information extremely seriously," Vodafone Australia CEO, Nigel Dews, said.

"We are conducting a thorough investigation of the incident and of our own security systems and processes and have taken immediate action," he added.

The company had already planned changes to its IT infrastructure for this year and the implementation of some of them has been accelerated as a result of this incident.

"Some of the initiatives we had already planned for this year are being brought forward and we will also be conducting an additional independent security review," Dews announced.

The company stresses that its customer records were not publicly available or stored on the Internet, as some media reports have suggested.

They were stored on its internal systems, but were accessible by thousands of retailers and employees over the Internet via a Web portal.

Whether this can be considered a secure system or not is highly debatable. Security researchers have compared this breach with the leak of US State Department cables and noted that it is an industry-wide problem.

The fact that a large number of low-ranking Army intelligence analysts had unrestricted access to so much sensitive data significantly increased the risks of one of them misusing it.

In the same way, it doesn't take a genius to realize that giving thousands of people full access to a database with sensitive customer information carries a high risk of abuse.

It doesn't even have to be intentional. The credentials used by unauthorized individuals to access Vodafone's portal could have been stolen via computer malware.