Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




BDFL - Memuneh
59418 posts

Uber Geek
+1 received by user: 10626

Administrator
Trusted
Geekzone
Lifetime subscriber

Topic # 180602 15-Sep-2015 07:21
Send private message

From The Guardian (and other sources): Vodafone Australia admits searching journalist's phone records (I wouldn't call "hacking" as in they didn't have to hack anything, did they?)


Vodafone Australia has admitted an employee hacked a journalist’s phone records in an attempt to uncover her sources for stories, but the telecommunications company denies any “improper behaviour”, despite internal emails suggesting it deliberately misled authorities about systemic privacy breaches.

O’Brien – herself a Vodafone customer – reported that Vodafone’s Siebel data system was vulnerable to hacking, and that the data of millions of customers was available online and easily accessible through generic passwords that were being shared around the company and publicly.

Customers’ home addresses, driver’s licences and credit card details were all available online, O’Brien wrote, and criminal groups were paying for customers’ private information.

She said the stories she wrote were “in the public interest”, and the vulnerability in Vodafone’s system serious enough that both the Information and Privacy Commissioner and the Australian Communications and Media Authority launched independent investigations.

“The shock and anger is only compounded knowing it was because I was doing my job that I was targeted and it was my own telco that was doing it to me. Since when did telling the truth become the wrong thing to do?”

An internal Vodafone email, reported by the Australian, shows the company was aware of the extent of the security breaches and the potential legal and reputation damage of hacking a journalist’s phone.

The head of fraud management and investigations for Vodafone Group, Colin Yates, wrote to then global corporate security director Richard Knowlton that there was a “huge risk” to the company if the hacking of O’Brien’s phone “gets into the public domain”.


I had a fair share of requests over the years from companies asking for the identity of people posting proprietary or confidential material on Geekzone. I can't obviously disclose this type of information without being in breach of the Privacy Act.

We know of internal investigations that caused a few people to lose jobs and on different telcos around - but that's a few years old now. There's a big difference between posting confidential pricing information and exposing problems. One is a case of trust breach the other is whistleblowing.

I do expect the report not to have been published before Vodafone was warned and had time to fix it - although it doesn't sound like it.

That's one of the reasons I have set our messages pages to be accessible only via HTTPS. But over the years more and more information has arrived either via WhatsApp and very few via voice calls - great as I really dislike talking on phone and rather have things documented.

Posting this on Off Topic as this is not a Vodafone New Zealand topic.




Create new topic

gzt

9267 posts

Uber Geek
+1 received by user: 1320


  Reply # 1387857 15-Sep-2015 13:09
2 people support this post
Send private message

My feeling is telcos lack auditing in this area.

Baby Get Shaky!
1497 posts

Uber Geek
+1 received by user: 363

Subscriber

  Reply # 1388029 15-Sep-2015 17:04
Send private message

gzt: My feeling is telcos lack auditing in this area.


Fair point.

My Two cents: I would question how difficult it would be to effectively audit an organisation with thousands of employees, most of whom would make dozen's of accesses to customer information daily in the scope of their normal duties. I'm sure (just an educated assumption here) that most Telco's, or organisations that hold large swatches of personal information, would have a list of customers who would set off an audit if their information was accessed (take high profile public figures etc). I'm sure most organisations would also practice/publicise random audits and have policies that would indicate as such. Regular audits on someone who under takes hundreds of transactions would be a nightmare, not just in a financial sense but also in a time management sense. As someone who has access to a lot of private information and accesses it frequently in the course of my duties (sometimes hundreds of queries a day) I know that when an audit happens I will be spending a large part of my day justifying my actions and not a lot of time doing anything else. For my employer they have to balance to requirement to meet their obligations under the Privacy Act with their requirement to actually get things done.

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

New Zealand hits peak broadband data
Posted 18-Jan-2018 12:21


Amazon Echo devices coming to New Zealand early February 2018
Posted 18-Jan-2018 10:53


$3.74 million for new electric vehicles in New Zealand
Posted 17-Jan-2018 11:27


Nova 2i: Value, not excitement from Huawei
Posted 17-Jan-2018 09:02


Less news in Facebook News Feed revamp
Posted 15-Jan-2018 13:15


Australian Government contract awarded to Datacom Connect
Posted 11-Jan-2018 08:37


Why New Zealand needs a chief technology officer
Posted 6-Jan-2018 13:59


Amazon release Silk Browser and Firefox for Fire TV
Posted 21-Dec-2017 13:42


New Chief Technology Officer role created
Posted 19-Dec-2017 22:18


All I want for Christmas is a new EV
Posted 19-Dec-2017 19:54


How clever is this: AI will create 2.3 million jobs by 2020
Posted 19-Dec-2017 19:52


NOW to deploy SD-WAN to regional councils
Posted 19-Dec-2017 19:46


Mobile market competition issues ComCom should watch
Posted 18-Dec-2017 10:52


New Zealand government to create digital advisory group
Posted 16-Dec-2017 08:47


Australia datum changes means whole country moving 1.8 metres north-east
Posted 16-Dec-2017 08:39



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.