Vodafone Australia has admitted to hacking the records of a journalist who had written about security holes in its customer care system, but denies it covered up widespread privacy failures.
The journalist, Natalie O'Brien, wrote a story for the Sydney Sun-Herald in January 2011 about security problems with the operator's Siebel CRM system. O'Brien revealed that customer credit card details and addresses were in danger of being exposed because Vodafone Hutchison Australia had stored the details on the public Internet rather than on a secure server.
Leaked emails published over the weekend reveal that senior security executives at the company, then known as Vodafone Hutchison Australia (VHA), discussed the possible search of her call records the day after the story appeared.
"If the issue relating to breaching the reporter's privacy by searching her private call records and text messages gets into the public domain, this could have serious consequences given it is a breach of the Australian Telecommunications Act," said then head of fraud Colin Yates in an email to then global corporate security director Richard Knowlton.
At the same time, the correspondence also appears to discredit the company's public claim that the breach was a one-off incident.
Yates went on to say: "As you know, this is in fact not the case and VHA has been suffering these breaches since Siebel went live and did nothing or very little to close off the weaknesses that allowed them to occur."
In a statement, Vodafone said an investigation had found an employee had accessed a customer's records in early 2011 but insisted the staff member was not acting under instruction from the company.
But the issue has now become entangled with the politics of the largely government-funded national broadband network (NBN). The head of VHA at the time was Bill Morrow, who now heads up NBN Co Ltd. , the government-owned telco that is rolling out the contentious NBN.
Hauled before the senate on Monday, Morrow said he was not aware of any of the revelations until they were published over the weekend and that he had made no report to the police or regulators.
But that may not be enough to protect him. At Monday's hearing, the former communications minister, Stephen Conroy, warned Morrow that the issue "goes to the heart of whether you're suitable for this [NBN] job."
With NBN Co recently admitting that its network is costing a lot more than expected, disclosure of the Vodafone privacy breach could not have come at a worse time for Morrow. (See Australia's NBN Cost Blowout.)
Greens senator Scott Ludlam has called for the police and communications regulator ACMA to investigate Vodafone over the privacy breach.
— Robert Clark, contributing editor, special to Light Reading