An investigation into possible breaches of privacy by Vodafone reveals the privacy measures that are currently in place there are inadequate to ensure the security of its customers and could result in identity theft.

Recently I commented on an investigation underway by the Privacy Commissioner into allegations that Vodafone’s customer information was available on an internet site (MyCRA Blog January 10, 2010).

Commissioner Timothy Pilgrim has just released his findings and below are his statements:

“In the course of my investigation I did not find any evidence that substantiated the claim that Vodafone customers’ personal information was available on a publically accessible website. However, in my view, Vodafone did not have appropriate security measures in place to protect customer’s personal information at the time. Consequently Vodafone was in breach of their obligations under the Privacy Act,”

“I was particularly concerned by Vodafone’s use of shared logins and passwords for staff and the broad range of detailed personal information available to them.”

As part of an undertaking given to the Privacy Commissioner, Vodafone agreed to review its IT security, and all appropriate staff including employees in retail stores and dealerships will be issued with individual login IDs and passwords.

“I am pleased that on being made aware of the allegations Vodafone acted promptly to put in additional security measures to limit access to the personal information it holds.  While I welcome the steps that were taken I have also asked Vodafone to report back to me on the progress of the review and implementation of increased security measures,” Mr Pilgrim said.

Mr Pilgrim said that this case should serve as a reminder to all businesses using customer management systems to ensure that they have robust privacy protections built in.

“All businesses must take the privacy of their customers seriously. Systems should be up to date and secure and staff should only have access to the information that is necessary for their work.  To comply with the Privacy Act and retain the trust and loyalty of their customers, I urge businesses to review their data security practices to prevent the likelihood of a privacy breach occurring which could have the potential to lead to identity theft or fraud,” Mr Pilgrim warned

Security of your personal information should be taken very seriously.
The AUSTRALIAN CRIME COMMISSION now sites identity theft as the “fastest growing crime in AUSTRALIA.”
Compromised financial information can be used directly to attempt to access the victim’s accounts, or be used to obtain credit cards/ loans in the victims’ name.
Fraudsters have even been known to send SMS and emails from a compromised identity to victims’ friends and associates, asking for money on the victims’ behalf. This often involves a story in regards to the victim being stranded somewhere and requiring the funds urgently.
This is not to say that any Vodafone staff would be dishonest enough to misuse the information they had available to them, but it is good to know the new system they will be implementing will prevent this possibility.
Identity theft can catch anyone out and often times it is someone you know who has used credit in your name. For lack of reportage, we may not know the real scale of this crime.

Our message at MyCRA to someone who has found themselves victims of identity theft is firstly don’t be embarrassed to report it to police – it is only through identity theft being reported that data gets collected and appropriate preventative measures eventually get put in place.

Secondly don’t put up with the damage it causes to your credit file and to your life.

Get in touch with us at MyCRA and see how we can help you get your financial freedom back again.
Visit our site for more information on identity theft and how to prevent it happening to you.