Vodafone Iceland has been breached by a Turkish hacker group called Maxn3y, and as many as 77,000 customer records have been compromised in addition to the defacement of the company’s webpage.
A large file was released by the hackers which appears to contain usernames, encrypted passwords, and other account details, but the company insists that no banking or payment information was exposed in the breach.
The data dump of the compromised records seems to contain information from 2011, though Vodafone officials are urging customers to change their login credentials as a precaution against account takeover.
Vodafone issued the following (translated) statement:
“It appears that the hacker who attacked the Vodafone website last night had breached sensitive data unlike what was thought at first. Work is in progress to evaluate the overall scope of the case with most capable data and security experts in the country. Vodafone takes the issue very seriously and will provide details as they become available. The company apologizes for the fact that the initial notification stated that no confidential information was found to have been compromised.”
Back in September, Vodafone Germany was similarly hacked, and as many as two million customer records had been compromised, some including banking details.
“The offender gained access to the master data of 2 million people. He stole names, addresses, dates of birth, gender, sort codes and account numbers. It is certain that the perpetrator had no access to credit card information , passwords , PIN numbers , mobile phone numbers or data connection,” the company said in a statement (translated from the original German).
The company said it planed on taking immediate steps to bolster security in their operations centers to mitigate the threat of any similar breaches in the future, though it seems to have had no impact on preventing this latest breach.