German data protection authority BfDI has fined Vodafone GmbH, the German subsidiary of the British telecom giant, a total of €45 million ($51.4 million) for multiple data privacy and security breaches.

According to BfDI, malicious employees in Vodafone’s partner agencies were responsible for creating fictitious contracts and making unauthorized changes to customer accounts. As a result, Vodafone was hit with a €15 million fine for failing to monitor these third-party partners properly.

An additional €30 million fine was imposed for authentication weaknesses in Vodafone’s MeinVodafone app and customer hotline system, which exposed customer eSIM profiles to potential attackers.

“Where data breaches take place, sanctions must be imposed,” said Prof. Dr. Louisa Specht-Riemenschneider, the Federal Commissioner for Data Protection and Freedom of Information. She acknowledged Vodafone’s full cooperation throughout the investigation, including voluntary disclosure of incriminating information.

Vodafone has since overhauled its internal systems, improved partner agency vetting and audits, and severed ties with those involved in fraudulent activities. The company has also paid the fines and donated millions of euros to organizations focused on data protection, media literacy, and cyberbullying prevention.

Vodafone serves over 330 million customers in 15 countries, with an additional 83 million users on its fintech platforms across Africa.

