Vodafone Italy discloses data breach after reseller hacked

Vodafone Italia is sending customers notices of a data breach, informing that one of its commercial partners, FourB S.p.A., who operates as a reseller of the telecommunications services in the country, has suffered a cyberattack.

According to the notice, the cyberattack took place in the first week of September and resulted in the compromise of sensitive subscriber details.

The exposed information includes subscription details, identity documents with sensitive data, and contact details.

The notice clarifies that no account passwords or network traffic data have been compromised as a result of this incident.

Vodafone Italia urges the recipients of the notifications to remain vigilant against incoming communications, as the risk of being targeted by phishing actors and scammers has now increased.

The notice concludes that FourB has closed access to the breached servers and implemented higher-level security on its systems to prevent the occurrence of similar incident in the future.

BleepingComputer has reached out to both Vodafone Italia and FourB S.p.A. for more information about the attack but has not received an answer at the time of publishing.

Vodafone Italia data for sale in September

While it’s not clear if it’s related to Vodafone's disclosure today, on September 3, 2022, a hacker group calling themselves KelvinSecurity claimed an attack against the telecommunications company.

KelvinSecurity offered to sell a collection of 295,000 files totaling 310 GB of data they allegedly stole from Vodafone Italia and advertised the cache on messaging platforms and at least one hacker forum.

At that time, Vodafone responded to the breach rumor with a short statement saying that they had found no evidence of unauthorized access to the company’s internal IT systems, but would continue investigating.

KelvinSecurity is an experienced data seller that may also sell initial access to other hackers. In June 2020, they bartered the data of Frost & Sullivan employees on hacking forums after breaching a backup server.

At the time, the threat actor alleged that their purpose was to alert the company about security problems they had discovered but decided to offer the database for sale after the breached firm ignored their messages.