The German data protection authority (BfDI) has fined Vodafone GmbH, the telecommunications company’s German subsidiary, €45 million ($51.4 million) for privacy and security violations.
“Due to malicious employees in partner agencies who broker contracts to customers on behalf of Vodafone, fraud cases emerged, including fictitious contracts or unauthorized contract changes that harmed customers, among other things,” BfDI said on Thursday.
As a result, BfDI imposed a €15 million fine on Vodafone GmbH for failing to properly monitor partner agencies whose employees made unauthorized changes or tricked customers into signing fake contracts.
Additionally, the British multinational telecommunications company received a second €30 million fine for authentication vulnerabilities in its MeinVodafone (“My Vodafone”) portal and customer hotline. These flaws allowed attackers to gain access to customer eSIM profiles.
“Where data breaches take place, sanctions must be imposed. However, through my work, I also aim to ensure that such breaches are prevented in the first place. Companies striving to comply with data protection laws must be empowered to do so,” added Prof. Dr. Louisa Specht-Riemenschneider, the Federal Commissioner for Data Protection and Freedom of Information.
She emphasized, “I would like to point out that Vodafone has cooperated continuously and without restriction throughout the entire proceedings, even disclosing information that was self-incriminating.”
Since then, Vodafone has overhauled its systems and processes to reduce future risks. The company has also revised procedures for selecting and auditing partner agencies, cutting ties with those connected to fraudulent behavior.
Furthermore, the telecom giant has already paid the fines and contributed several million euros to organizations that support data protection, media literacy, and the fight against cyberbullying, according to the BfDI.
Vodafone provides mobile and fixed-line services to more than 330 million customers across 15 countries in Europe, Asia, Africa, and Oceania. Its fintech operations also reach nearly 83 million users in seven African nations.
A Vodafone spokesperson could not be reached for comment by BleepingComputer at the time of publication.
Source: BleepingComputer
Read more at Impreza News
