back to article Vodafone 'fesses up to hack of journalist's phone, denies 'improper behaviour'

The Australian division of mobile giant Vodafone has admitted that one of its employees illegally accessed the phone records of a journalist to try to uncover her sources, following publication of a negative story. However, Vodafone – which first investigated allegations of a privacy breach four years ago – has strongly denied …

  1. elDog

    Once again - the corporate beast is policing itself

    Believe us.

    We had an internal investigation (probably more a cocktail party) and determined that this singular incident (not to be confused with company-wide incidents) was not authorized by the corporate establishment (which also hires the internal investigators.)

    And if there were some unwarranted invasions of privacy by some unknown staff member, then we don't know anything about it. And in any case, that staff member has been relocated to an unknown new position somewhere.

    So, what was the question?

    1. Anonymous Coward
      Anonymous Coward

      Re: Once again - the corporate beast is policing itself

      We had an internal investigation (probably more a cocktail party) and determined that this singular incident (not to be confused with company-wide incidents) was not authorized by the corporate establishment (which also hires the internal investigators.)

      Yup. The only way I ever believe a policy is working as expected is if the audits are performed by independent, external operators who know what they are doing - which excludes, by the way, any (quote) "one of Australia's top accounting firms" because I have seen those in many countries receive questions about the quality of their FINANCIAL audits. If such outfits can't even exercise their core responsibilities correctly, I certainly won't expect anything they do on the IT audit front (and that is assuming they do have the competence, which is IMHO a big question in itself).

  2. Anonymous Coward
    Anonymous Coward

    That's not hacking the phone

    It"s a privacy breach of call data,and it's very easy of you have access.

  3. Your alien overlord - fear me

    Shurely the regulators should bitch-slap Vodacronies?

    1. Anonymous Coward
      Anonymous Coward

      The ACMA statement issued late this afternoon Oz time said nothing and indicated no direct course of action - "no further comment at this time". Been asleep at the wheel maybe, possibly? Time to grow a pair and pull the V/f operator licence?

      Time for the regulator to step up and not tread softly.

      AC due to my employer

  4. Graham Marsden
    Holmes

    Yes, there was a privacy breach...

    ... but nobody was responsible and nobody's been punished.

    However Lessons Have Been Learned...

  5. A Non e-mouse Silver badge

    Investigators

    Why would you hire management consultants to investigate a potentially illegal activity? Oh, yes, so you can sweep it under the carpet and protect the top brass.

    1. Anonymous Coward
      Anonymous Coward

      Re: Investigators

      Why would you hire management consultants to investigate a potentially illegal activity? Oh, yes, so you can sweep it under the carpet and protect the top brass.

      Of course. That's also why you avoid hiring anyone with actual competence in that area. You'd hire accountants, for instance, instead of IT or security specialists.

      And lo: "VHA immediately commissioned an investigation by one of Australia's top accounting firms.

      The investigation found there was no evidence VHA management had instructed the employee to access the messages and that VHA staff were fully aware of their legal obligations in relation to customer information."

      1. Anonymous Coward
        Anonymous Coward

        Re: Investigators

        "there was no evidence VHA management had instructed the employee to access the messages"

        Hopefully I am not being naive to assume that "instructed" covers things which aren't quite synonymous, like "knew about", "approved", "discussed" etc.

  6. Youngone Silver badge
    Black Helicopters

    It makes no sense

    Vodafone are in no position to decide if there's been a breach of the law, that's the job of the Police.

    If the journalist makes a complaint, they will investigate, there may be a prosecution, a judge will make a ruling and then we'll know.

    Anything Vodafone pronounces is just PR talk.

  7. Mark 85

    3 Years for them to find this out?

    Or 3 years to finally come up with the proper corporate spin? Given the timespan involved and based on a number of "official" investigations in various agencies and companies that ran into years... I wonder what they're really hiding?

  8. Anonymous Coward
    Anonymous Coward

    Naughty

    VHA have publicly admitted that employees have committed what would be considered a criminal act in the UK. Maybe it isn't in Aus.

    This could run and if it does, we'll need a lot of popcorn to see it out.

    1. Lusty

      Re: Naughty

      The main difference is that in the UK it's the journalists doing the "hacking" and the telcos are "outraged" :)

  9. FozzyBear
    Devil

    What the hell

    Does an accounting firm know about investigating system security breaches? I hope this PR stunt to dance around a criminal offence has cost them plenty of dosh

    1. BrendHart

      Re: What the hell

      A good forensic auditor in action is a true sight to behold.

      1. This post has been deleted by its author

  10. Anonymous Coward
    Anonymous Coward

    As a result of our investigation, several retail staff were dismissed for breaches of VHA security policies.

    Retail staff? So someone who sells phones in the stores to the public hacked a phone. The ability to obtain the content of text messages should only be allowed by specific teams working with law enforcement on production of a court document. What did they do with the contacts? Run it against their own data to try and find the source, would anyone in their right mind contact a journalist using their work discounted mobile to deliver this information?

    1. AndyS

      Retail staff? So someone who sells phones in the stores to the public hacked a phone

      I think you're reading it wrong. Nobody has been fired for the privacy breach (there was no hack - looking up data from your own system isn't hacking). They were fired for leaking a story to the journalist. The breach was simply them figuring out who to fire.

      And the company looked up the journalist's records, it doesn't specify that they looked up the retail staff records, so there is nothing saying they used a work mobile. Any registered to them would have done the trick.

  11. Detective Emil
    Black Helicopters

    Surely it's acceptable use?

    Im surprised that Vodaphone has not claimed that the contract that the journalist signed with them allowed ransacking: see Beware Vodafone's Draconian "Acceptable Use Policy" on Soylent News. (UK contract, but I doubt Oz's is better.)

  12. Whitter
    Megaphone

    Your employee? You did it.

    That is all.

  13. Ian 62

    If one 'rogue' employee

    Can 'hack' away into a journalists details, why would we trust government with backdoors into our data.

    All it takes is one pee'd off civil servant and we're all caught with our trousers down.

  14. Dixey

    One incident, two problems and no solution.

    This particular incident does, in my opinion, highlight two problems for which I believe there is no solution available.

    Problem 1: The directors of any company only need to create "plausible deniability" in order to do the most horrific things.

    Problem 2: It is almost impossible for any organization to stop the individual from committing wrong doing.

    So how secure is your information held by that bank/website/government? How certain are you that nobody, and I mean nobody, has been able to smuggle something nasty onto that plain/train/bus/ship you are about to travel in? Answer to both: you are not. Tough.

    1. Looper
      Thumb Down

      Re: One incident, two problems and no solution.

      Plausible deniability may protect an individual or group's ass within a corporate internal structure, but has absolutely NO legal weight for protecting a corporate body from the misdoings of one of its employees.

  15. paulf
    Big Brother

    Downloaded text messages

    One thing not discussed so far is this: "I have since learnt that immediately after the release of my story, a Vodafone employee accessed and downloaded a copy of my text messages and call records."

    Firstly it isn't clear whether she is talking about the content of her text messages or just the absolutely harmless* meta data about who she texted and when but not the actual content.

    Secondly if Vodafone did retain copies of the content of her Text messages why the fricking hell did they do it and did no one think this was a bad thing? I'm not familiar with the more arcane parts of Oz telecoms regulation - is there a requirement to retain this kind of thing? Did someone at VHT just wake up one morning and say, "Lets retain all of our customers' SMS without asking them". Just yeek.

    * As our highers and betters in <span class="strike">GCHQ</span> Westminster define Meta data.

    1. Anonymous Coward
      Anonymous Coward

      Re: Downloaded text messages

      Even in the uk mobile operators store sms messages for years.

      Goodness knows why.

      more interesting question to ask is: do mobile operators store your mobile location information? For how long ?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like