

freitasm


#180602 15-Sep-2015 07:21

From The Guardian (and other sources): Vodafone Australia admits searching journalist's phone records (I wouldn't call it "hacking", as in they didn't have to hack anything, did they?)


Vodafone Australia has admitted an employee hacked a journalist’s phone records in an attempt to uncover her sources for stories, but the telecommunications company denies any “improper behaviour”, despite internal emails suggesting it deliberately misled authorities about systemic privacy breaches.

O’Brien – herself a Vodafone customer – reported that Vodafone’s Siebel data system was vulnerable to hacking, and that the data of millions of customers was available online and easily accessible through generic passwords that were being shared around the company and publicly.

Customers’ home addresses, driver’s licences and credit card details were all available online, O’Brien wrote, and criminal groups were paying for customers’ private information.

She said the stories she wrote were “in the public interest”, and the vulnerability in Vodafone’s system serious enough that both the Information and Privacy Commissioner and the Australian Communications and Media Authority launched independent investigations.

“The shock and anger is only compounded knowing it was because I was doing my job that I was targeted and it was my own telco that was doing it to me. Since when did telling the truth become the wrong thing to do?”

An internal Vodafone email, reported by the Australian, shows the company was aware of the extent of the security breaches and the potential legal and reputation damage of hacking a journalist’s phone.

The head of fraud management and investigations for Vodafone Group, Colin Yates, wrote to then global corporate security director Richard Knowlton that there was a “huge risk” to the company if the hacking of O’Brien’s phone “gets into the public domain”.


I have had a fair share of requests over the years from companies asking for the identity of people posting proprietary or confidential material on Geekzone. I obviously can't disclose this type of information without being in breach of the Privacy Act.

We know of internal investigations that caused a few people to lose jobs at different telcos around - but that's a few years old now. There's a big difference between posting confidential pricing information and exposing problems. One is a case of trust breach, the other is whistleblowing.

I do expect the report not to have been published before Vodafone was warned and had time to fix it - although it doesn't sound like it.

That's one of the reasons I have set our messages pages to be accessible only via HTTPS. But over the years more and more information has arrived either via WhatsApp and very few via voice calls - great, as I really dislike talking on the phone and would rather have things documented.

Posting this on Off Topic as this is not a Vodafone New Zealand topic.






gzt

  #1387857 15-Sep-2015 13:09

My feeling is telcos lack auditing in this area.



kingjj

  #1388029 15-Sep-2015 17:04

gzt: My feeling is telcos lack auditing in this area.


Fair point.

My two cents: I would question how difficult it would be to effectively audit an organisation with thousands of employees, most of whom would make dozens of accesses to customer information daily in the scope of their normal duties. I'm sure (just an educated assumption here) that most telcos, or organisations that hold large swathes of personal information, would have a list of customers who would set off an audit if their information was accessed (take high profile public figures etc). I'm sure most organisations would also practice/publicise random audits and have policies that would indicate as such. Regular audits on someone who undertakes hundreds of transactions would be a nightmare, not just in a financial sense but also in a time management sense. As someone who has access to a lot of private information and accesses it frequently in the course of my duties (sometimes hundreds of queries a day) I know that when an audit happens I will be spending a large part of my day justifying my actions and not a lot of time doing anything else. For my employer, they have to balance the requirement to meet their obligations under the Privacy Act with their requirement to actually get things done.
