A data breach has affected the telecommunications company Vodafone Italia after one of their Italian resellers, FourB S.p.A, was the victim of an attack. Vodafone customer information was exposed in the attack, and no passwords or network data was stolen. Exposed information included subscription details, identity documents with sensitive data, and contact details. It is currently unclear if an additional event is connected: a threat actor named kelvinsecurity claimed to be selling a collection of data from Vodafone Italia with approximately 295,000 files totaling 310 GB on September 3rd, 2022. At that time, Vodafone initially denied the claims.
Customers of Vodafone Italia should remain vigilant moving forward, as they could possibly become targets of phishing campaigns, digital financial fraud, or other forms of identity theft. The partner company, FourB, cut off access to the compromised servers and has indicated they will take steps to improve their security posture moving forward.