Vodafone believes that a specific IT contractor is responsible for stealing 2 million customers of its German division.
The mobile telco revealed today that 2 million customer records including names, addresses, date of birth, gender, bank sort code and account number of over two million German customers had been stolen.
Vodafone said it is likely that the attack was perpetrated by someone with insider knowledge of the company. It has identified a suspect from on its IT contractors and it is working with German authorities to track them down.
See also: Ubisoft's security questioned after data breach
”The security of data is a top priority for Vodafone," the company said in a statement on its website. "The company has IT systems that meet the highest possible standards.
"These are regularly updated and expanded. Vodafone will take all necessary steps to further improve the security of the systems and to protect them from future criminal attacks.”
Vodafone said the data did not include credit card information, passwords, call records, PIN or mobile phone numbers. It believes it was not possible for the attacker to compromise customer bank accounts using the data they stole, it is nevertheless advising customers to irregularities and to be on guard for phishing emails.
Vodafone’s 32 million mobile phone customers in other countries were unaffected, it said.
See also: Employees are the biggest security threat, most believe
This is not the first time the telco has suffered a data breach. In 2011, four million customer records were stolen from its Australian division. In that case, the blame was leveled at internal Vodafone employees, a number of whom were fired.
According to a study by privacy research firm the Ponemon Institute, employees and insiders are the most common offenders in data theft on companies.