IT Security: Vodafone Australia tried to plug holes

Vodafone Australia has made it clear that some media misinterpreted the situation when reporting that customer information was available on the internet: Vodafone does not store its information in this way, the company says and they are "securely protected."

Securely until someone unauthorised gets password access to their closed system, is what they actually meant to say.

The company makes it clear that a password on its own is not enough: to access the data, someone must use a secure terminal.

However, once the data has been obtained and released, then it is outside the company's control, something it is so far being somewhat reticent to admit.

The company says that it has identified some staff who have made unauthorised access to the system and sacked them, at the same time reporting their findings to the police with a view to prosecution.

It has also modified the password system so as to provide for daily changes and changing its "one branch, one code" access which was shared among multiple staff in a single shop.

But that has presented its own problems: as we previously reported, mobile phone shop staff are highly mobile between branches and there is a high turnover of staff who churn customers from one network to another or fail to hit targets and therefore earn what they think they should earn. The mobility and turnover have created difficulty for Vodafone as it tries to work out who works for them or their agents, creates individual computer identities for them and also creates processes for new and leaving staff.

Of course, there is another idea taken from little Chinese coffee shops: simply have one trusted employee who accesses the data and processes the sale. Then the salespeople never need to go anywhere near sensitive data.