Authorities have identified an attacker suspected of carrying out a sophisticated hack against Vodafone Germany.
The individual was able to obtain information – including names, addresses, dates of birth, genders and banking details – on roughly two million of the mobile phone company's customers, a company spokesperson said, adding there was no access to credit card information, passwords, PIN numbers or mobile phone numbers.
Vodafone learned of the attack – which was possible due to insider knowledge of the company's IT infrastructure – on 5th September and is only alerting customers now because authorities did not want to compromise the investigation.
The attack is said to have only affected customers in Germany.
A Vodafone spokesperson said it is unlikely that banking information can be accessed, but nevertheless customers were told to monitor bank accounts and are warned to be on alert for email and phone phishing attacks that seek out further details.
The mobile company would not reveal the identity of the suspect, but according to reports, the perpetrator is alleged to be a subcontractor of Vodafone's administration system.
Vodaphone said it is taking actions to prevent this type of incident from occurring again, including reinstalling servers and changing passwords and certificates of all administrators.
Companies suffer from data breaches everyday, but it is not too often that millions of customers are affected. An attack on Sony's PlayStation Network in 2011 compromised personal information for roughly 77 million gamers. An attack on Heartland Payment Systems in 2008 also affected millions.