Vodafone Italia, the Italian subsidiary of the UK-based telecommunication major, has alerted its customers of a data breach, after learning that FourB S.p.A., a local reseller of the company, became the victim of a cyberattack.
Vodafone breach alert
In a letter to the customers about the Vodafone breach, the company stated that critical subscriber information was compromised during the first week of September as a result of the incident. Contact information, sensitive data-containing identity papers, and subscription information were all exposed information.
With the risk of being targeted by fraudsters and phishing growing exponentially, Vodafone Italia has advised its customers to be on the lookout for any incoming communications, particularly the ones that call for urgent actions.
The letter states that FourB has blocked access to the compromised servers and increased security on its systems to avoid a repeat of the incident.
Earlier data breach warning
Coincidentally, Vodafone breach disclosure follows the claim of hacking organization going by the name of KelvinSecurity on September 3, 2022 about data being leaked from the company.
According to KelvinSecurity, which calls itself a gray hat hacking activity group, a cache of 295,000 files totaling 310 GB that it purportedly acquired from Vodafone Italia was made available for sale, and the cache was marketed on chat services and at least one hacker site.
At the time, Vodafone issued a brief statement in response to the breach rumor stating that they were still looking into the matter but had not discovered any proof of unauthorized access to the organization’s internal IT systems.
Telecom, preferred cybercrime target
Large user data makes telecom companies hot cakes in dark web marketplaces, while its position in the critical national infrastructure (CNI) of national economies make it preferred targets of nation-state attacks. Telecom majors like Vodafone construct, manage, and employ vital infrastructure that is frequently used for sensitive data storage and communication, making them major targets for cyber-attacks.
“Given that telecom companies control critical infrastructure, the impact of an attack can be very high and far-reaching. In fact, even the false claim of an attack can force a telecom company to shut down critical services that consumers and businesses rely on,” Deloitte said in its briefing for global cyber executives.
“Customer data is another popular high impact target. Telecom organizations typically store personal information — such as names, addresses and financial data – about all of their customers. This sensitive data is a compelling target for cyber-criminals or insiders looking to blackmail customers, conduct identity theft, steal money or launch further attacks.”