Vodafone’s apparent information security breach, if it’s being described accurately, certainly suggests a botched approach. But corporate Australia’s blasé attitude to our personal identity information is as much to blame.
Fairfax’s Natalie O’Brien broke the story yesterday that anyone with a valid Vodafone dealer login could access every customer’s complete file — name, address, date of birth, driver’s licence number, credit card details, the PIN they use to operate their account and even the full history of their phone calls and text messages. It’s wrong to say this data was “publicly available on the internet”. You did need a valid login, after all. But the set-up seems deeply flawed, and valid logins are on the loose.