Upon further investigation, Vodafone Australia’s largest premium partner, Communications Direct, was found to be at the source of the data breach. Not only were Comms Direct staff found to be manipulating the system to earn double commission, but there were separate claims of breach of privacy as employees were also forwarding customer records outside the company. Staff members were accessing these records by using shared login details with passwords such as “password1”.
The embarrassing lack of safeguarding by Vodafone Australia means they now face the possibility of paying out compensation to up to 4 million users. It should be noted, however, that the company was using approved government security methods which raises the question of whether more stringent guidelines should be in place.