1. Home
  2. News
  3. Data protection debacle at mobile phone giant: Millions in fines for massive failings
  • Data Protection

Data protection debacle at mobile phone giant: Millions in fines for massive failings

In an unprecedented case, a German telecommunications provider has collected a record fine in the millions - Vodafone has to pay a full 45 million euros for serious data protection violations. It is the highest fine of its kind ever imposed by a German supervisory authority.

What happened? External sales partners, who were supposed to acquire new customers on behalf of Vodafone, apparently manipulated contracts in a fraudulent manner. Affected users thought they were on favourable tariff models - but in the end they received bills with significantly higher costs in some cases. Vodafone had neglected to monitor these partner companies - an omission that was penalised with a fine of 15 million euros alone.

But that was just the tip of the iceberg. Criminals gained access to customer data by intercepting passwords - either through classic phishing attacks or by faking false identities. In this way, they were able to take over so-called eSIM profiles via the customer hotline - with potentially fatal consequences. In theory, it would have been possible to gain access to online banking accounts and initiate transfers. So far, there is no evidence of any concrete damage, but this massive IT security leak cost Vodafone a further 30 million euros.

Vodafone has accepted the penalties without protest and has already paid the amount. In addition, voluntary donations in the millions were made to organisations that campaign for data protection, digital education and the fight against cyberbullying.

The Federal Data Protection Commissioner saw the proceedings as a signal that data protection in Germany is by no means ineffective.

Source: https://www.dr-datenschutz.de

 

About Cookies

This website uses cookies. Those have two functions: On the one hand they are providing basic functionality for this website. On the other hand they allow us to improve our content for you by saving and analyzing anonymized user data. You can redraw your consent to to using these cookies at any time. Find more information regarding cookies on our Data Protection Declaration and regarding us on the Imprint.
Mandatory

These cookies are needed for a smooth operation of our website.

Name Purpose Lifetime Type Provider
CookieConsent Saves your consent to using cookies. 1 year HTML Website
fe_typo_user Assigns your browser to a session on the server. session HTTP Website
PHPSESSID Temporary cookies which is required by PHP to temporarily store data. session HTTP Website
__cfduid missing translation: trackingobject.__cfduid.desc 30 missing translation: duration.days-session HTTP Cloudflare/ report-uri.com
Statistics

With the help of these statistics cookies we check how visitors interact with our website. The information is collected anonymously.

Name Purpose Lifetime Type Provider
_pk_id Used to store a few details about the user such as the unique visitor ID. 13 months HTML Matomo
_pk_ref Used to store the attribution information, the referrer initially used to visit the website. 6 months HTML Matomo
_pk_ses Short lived cookie used to temporarily store data for the visit. 30 minutes HTML Matomo
_pk_cvar Short lived cookie used to temporarily store data for the visit. 30 minutes HTML Matomo
MATOMO_SESSID Temporary cookies which is set when the Matomo Out-out is used. session HTTP Matomo
_pk_testcookie missing translation: trackingobject._pk_testcookie.desc session HTML Matomo