Vodafone Australia has confirmed a leak of potentially millions of Australian customer records. The company is investigating what they believe was access by an employee or dealer via a password secured web portal.
Vodafone reset all passwords on Saturday and continued to do so every 24 hours since. The Australian Privacy Commission has begun to investigate the leak but has limited powers to penalise those in breach of the Privacy Act.
Currently the commission powers include payment of compensation to individuals and asking Vodafone to issue and apology.
Timothy Pilgrim, The Australian Privacy Commissioner said he was “concerned about the amount of personal information that may have been disclosed which could include sensitive information”
A statement from Hutch Australia said “Any unauthorised access to the portal will be taken very seriously, and would constitute a breach of employment or dealer agreement and possibly a criminal offence.”
“We are conducting a thorough investigation of the matter with our internal security experts and will refer the matter to the Australian Federal Police if appropriate. Vodafone is also offering its full co-operation to the Office of the Australian Privacy Commissioner.”