Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




BDFL - Memuneh
64959 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

# 180602 15-Sep-2015 07:21
Send private message

From The Guardian (and other sources): Vodafone Australia admits searching journalist's phone records (I wouldn't call "hacking" as in they didn't have to hack anything, did they?)


Vodafone Australia has admitted an employee hacked a journalist’s phone records in an attempt to uncover her sources for stories, but the telecommunications company denies any “improper behaviour”, despite internal emails suggesting it deliberately misled authorities about systemic privacy breaches.

O’Brien – herself a Vodafone customer – reported that Vodafone’s Siebel data system was vulnerable to hacking, and that the data of millions of customers was available online and easily accessible through generic passwords that were being shared around the company and publicly.

Customers’ home addresses, driver’s licences and credit card details were all available online, O’Brien wrote, and criminal groups were paying for customers’ private information.

She said the stories she wrote were “in the public interest”, and the vulnerability in Vodafone’s system serious enough that both the Information and Privacy Commissioner and the Australian Communications and Media Authority launched independent investigations.

“The shock and anger is only compounded knowing it was because I was doing my job that I was targeted and it was my own telco that was doing it to me. Since when did telling the truth become the wrong thing to do?”

An internal Vodafone email, reported by the Australian, shows the company was aware of the extent of the security breaches and the potential legal and reputation damage of hacking a journalist’s phone.

The head of fraud management and investigations for Vodafone Group, Colin Yates, wrote to then global corporate security director Richard Knowlton that there was a “huge risk” to the company if the hacking of O’Brien’s phone “gets into the public domain”.


I had a fair share of requests over the years from companies asking for the identity of people posting proprietary or confidential material on Geekzone. I can't obviously disclose this type of information without being in breach of the Privacy Act.

We know of internal investigations that caused a few people to lose jobs and on different telcos around - but that's a few years old now. There's a big difference between posting confidential pricing information and exposing problems. One is a case of trust breach the other is whistleblowing.

I do expect the report not to have been published before Vodafone was warned and had time to fix it - although it doesn't sound like it.

That's one of the reasons I have set our messages pages to be accessible only via HTTPS. But over the years more and more information has arrived either via WhatsApp and very few via voice calls - great as I really dislike talking on phone and rather have things documented.

Posting this on Off Topic as this is not a Vodafone New Zealand topic.




Create new topic

gzt

10979 posts

Uber Geek


  # 1387857 15-Sep-2015 13:09
2 people support this post
Send private message

My feeling is telcos lack auditing in this area.

Baby Get Shaky!
1652 posts

Uber Geek

Trusted
Subscriber

  # 1388029 15-Sep-2015 17:04
Send private message

gzt: My feeling is telcos lack auditing in this area.


Fair point.

My Two cents: I would question how difficult it would be to effectively audit an organisation with thousands of employees, most of whom would make dozen's of accesses to customer information daily in the scope of their normal duties. I'm sure (just an educated assumption here) that most Telco's, or organisations that hold large swatches of personal information, would have a list of customers who would set off an audit if their information was accessed (take high profile public figures etc). I'm sure most organisations would also practice/publicise random audits and have policies that would indicate as such. Regular audits on someone who under takes hundreds of transactions would be a nightmare, not just in a financial sense but also in a time management sense. As someone who has access to a lot of private information and accesses it frequently in the course of my duties (sometimes hundreds of queries a day) I know that when an audit happens I will be spending a large part of my day justifying my actions and not a lot of time doing anything else. For my employer they have to balance to requirement to meet their obligations under the Privacy Act with their requirement to actually get things done.

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Samsung Galaxy Fold now available in New Zealand
Posted 6-Dec-2019 00:01


NZ company oDocs awarded US$ 100,000 Dubai World Expo grant
Posted 5-Dec-2019 16:00


New Zealand Rugby Selects AWS-Powered Analytics for Deeper Game Insights
Posted 5-Dec-2019 11:33


IMAGR and Farro bring checkout-less supermarket shopping to New Zealand
Posted 5-Dec-2019 09:07


Wellington Airport becomes first 5G connected airport in the country
Posted 3-Dec-2019 08:42


MetService secures Al Jazeera as a new weather client
Posted 28-Nov-2019 09:40


NZ a top 10 connected nation with stage one of ultra-fast broadband roll-out completed
Posted 24-Nov-2019 14:15


Microsoft Translator understands te reo Māori
Posted 22-Nov-2019 08:46


Chorus to launch Hyperfibre service
Posted 18-Nov-2019 15:00


Microsoft launches first Experience Center worldwide for Asia Pacific in Singapore
Posted 13-Nov-2019 13:08


Disney+ comes to LG Smart TVs
Posted 13-Nov-2019 12:55


Spark launches new wireless broadband "Unplan Metro"
Posted 11-Nov-2019 08:19


Malwarebytes overhauls flagship product with new UI, faster engine and lighter footprint
Posted 6-Nov-2019 11:48


CarbonClick launches into Digital Marketplaces
Posted 6-Nov-2019 11:42


Kordia offers Microsoft Azure Peering Service
Posted 6-Nov-2019 11:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.