Mobile giant VHA has sacked a number of staff over a high-profile alleged security breach over the past few weeks with respect to its Vodafone brand that saw customer information compromised, and referred the matter to the New South Wales Police.

The Sun-Herald reported last weekend that each Vodafone store had a username and a password for access to its entire customer database — and that the login details may have been passed on to external sources. A journalist, “sitting in a western Sydney business” with someone who knew the login, was able to access all of her personal details on the system — including her entire call and SMS list.

Today, VHA said as a result of its investigation into the matter that “the employment of a number of staff members had been terminated”, and it had contacted the NSW Police while its investigation continued. A spokesperson for the telco, however, would not disclose how many staff had been sacked.

“We take data security and the storage of our customers’ information extremely seriously,” said VHA chief executive Nigel Dews. “We are conducting a thorough investigation of the incident and of our own security systems and processes and have taken immediate action.”

The telco added that it had also undertaken a review of IT systems security, processes and training, noting that while the review was ongoing, a number of recommendations had already been implemented to beef up security, and others were planned to be brought in shortly.

“Security can always be improved and the additional measures being implemented as a result of our review will increase security and further limit the risk of people doing the wrong thing,” said Dews.” Some of the initiatives we had already planned for this year are being brought forward and we will also be conducting an additional independent security review.”

The Australian Privacy Commissioner has already announced it will investigate VHA’s security breach/ Today, the telco said it had been liaising with the commissioner and other government bodies, and would provide its full cooperation with the NSW Police as the force undertook its enquiries.

The company also reiterated that — contrary to some reports — its customer records were not publicly available on the internet, with its systems needing a password to be accessed. “Credit card details held in our database are securely protected,” the company said.

Image credit: Matt Wakeman, Creative Commons