Small businesses could be hurt by Vodafone’s alleged security breach, with the personal details of millions of customers made available online.
Media reports claim customer details including names, home addresses, drivers’ license numbers and credit card details have been made available on the web.
Vodafone chief executive Nigel Dews says the breach appears to have been triggered by the sharing of a password.
The company has confirmed it is investigating a security breach but denies customers’ personal details are publicly available on the internet.
“Customer information is stored on Vodafone’s internal systems and accessed through a secure web portal, accessible to authorised employees and dealers via a secure login and password,” a Vodafone spokesperson said in a statement.
“Any unauthorised access to the portal will be taken very seriously, and would constitute a breach of employment or dealer agreement and possibly a criminal offence.”
The spokesperson says all passwords have been reset, and Vodafone’s training and systems procedures are under review.
Justice Minister Brendan O’Connor has raised the matter with the Office of the Privacy Commissioner.
The commissioner, Timothy Pilgrim, has the power to conduct an “own motion” investigation on behalf of affected customers and direct that compensation be paid.
The Privacy Act requires private companies to take reasonable precautions to protect personal data.
Any Vodafone customer is therefore entitled to ask when and to whom the firm has disclosed their information.
Piper Alderman lawyer Sasha Ivantsoff will this week mail a questionnaire to 12,500 Vodafone customers, stating he may extend a planned lawsuit relating to quality of service if their responses detail breaches of privacy.
Peter Strong, executive director of the Council of Small Business of Australia, says there are two issues at hand for businesses that use Vodafone as their service provider.
“Something could happen in the form of blackmail or spam but there’s also the issue of fear – businesses are worried about what’s going to happen,” Strong says.
“[The security breach] could force customers to change their phone number. For a lot of business owners, their phone is their business and they don’t want to have to compromise that in any way, shape or form.”
Strong says the security breach sends a strong message to other service providers and banks to review their security systems, particularly in light of recent technical glitches on the part of NAB and Virgin Blue.