ID documents and contact details exposed in Vodacom fibre reseller data breach
Vodacom has warned customers who took up Vodacom Fibre subscriptions through marketing agency Real Promotions that a data breach has compromised their personal data.
In an email sent to affected customers on Wednesday, 17 August 2022, the company said an unauthorised party had accessed the agency’s servers.
“Real Promotions has informed us that the information accessed includes first and last name, email address, Identity Document (ID) number, a copy of the ID, postal address and physical address,” Vodacom said.
The exposure of ID copies was also one of the consequences of a recent cyberattack that led to Shoprite customer data being posted on the dark web.
Vodacom said Real Promotions closed off access to the compromised server after the breach was discovered and was monitoring its systems for further unauthorised activity.
It had also appointed independent cybersecurity forensic specialists.
“Real Promotions has assured us that it has since fixed the issue and that all measures have been taken so that no one else can access this information from their server,” Vodacom spokesperson Byron Kennedy told MyBroadband.
“Vodacom and Real Promotions have reported the incident to the Information Regulator and remain committed to working with relevant authorities.”
Kennedy said no passwords were exposed, and any information related to other Vodacom services was safe.
“No Vodacom or Vodacom Fibre systems have been compromised or are at risk as a result of this incident,” he said.
“We have nonetheless urged affected Vodacom Fibre customers to be particularly vigilant online, on email and if they receive any unexpected phone calls.”
“We will notify affected customers if there are any other actions we recommend they take.”
On its website, Real Promotions lists several other ISPs to which it has supplied promotional services or has represented, including Cell C, Mweb and Telkom.
Other companies it has counted among its clients include Afriderm, Converse, Mor Energy, and Tru-Cape.
However, this list may no longer be relevant, as some of the companies included in it — like Neotel and Virgin Mobile — have either changed their name or no longer exist.
Real Promotions told MyBroadband that three of its clients were affected by the breach, but did not specify which companies they were.
Loading ...