OAIC examines Vodafone 'hacking' allegations

Vodafone employee alleged to have accessed call charge records, text messages in January 2011

The Office of the Australian Information Commissioner (OAIC) has been in contact with Vodafone over allegations that an employee accessed the phone records of Fairfax journalist Natalie O'Brien in 2011.

At the time, O'Brien exposed a security risk in the company's data storage techniques, which reportedly meant the names, addresses and credit card details of millions of customers were available online using generic passwords.

Vodafone immediately commissioned an investigation by a top accounting firm into the hacking, the company said in a statement.

"The investigation found there was no evidence VHA management had instructed the employee to access the messages and that VHA staff were fully aware of their legal obligations in relation to customer information," a spokesperson said.

The OAIC said it became aware of the allegations in May this year.

It has been liaising with the Australian Communications and Media Authority (ACMA) about the allegations, in accordance with the memorandum of understanding between the two agencies, the agency said.

In a statement, the OAIC said that all organisations, including telecommunications providers, have an obligation under the Privacy Act 1988 to protect the personal information that they hold from misuse, interference and loss and from unauthorised access, modification or disclosure.

“The OAIC’s Guide to securing personal information provides guidance to organisations about how to comply with this obligation, including in relation to access security controls, internal practices, procedures and systems and ICT security.”

The federal government announced last month that Timothy Pilgrim had been reappointed to the role of Australian Privacy Commissioner at the OAIC, ending the vacancy since his previous term expired in July.

After his previous five-year term expired, Pilgrim was appointed acting Australian Information Commissioner.

The government has re-appointed Pilgrim only for a 12-month period, starting in October, amid uncertainty about the future of the OAIC, which the government has previously sought to wind-up.

Join the Computerworld newsletter!

Error: Please check your email address.

Tags Vodafoneprivacy commissioner

More about Australian Communications and Media AuthorityO'BrienVHAVodafone

Show Comments