Vodafone ‘hacked journalist’s phone to trace whistleblowers’
Telco giant Vodafone illegally
accessed a journalist’s mobile phone records to discover the source of
stories about the company, hid systemic privacy breaches from
authorities and covered up fraud in its Brisbane office, according to
internal documents.
In a 2012 email from then Vodafone Hutchison Australia head of fraud Colin Yates to then Vodafone global corporate security director
Richard Knowlton, Mr Yates warns of the “huge risk” to the company if a
string of allegations — which he “has no reason to believe” are not
factual — “gets into the public domain”.
Of particular concern to
Mr Yates was the hacking of the “call charge records and text messages”
from the mobile of Fairfax investigative reporter Natalie O’Brien, then a
Vodafone customer.
On January 10, 2011, the day after O’Brien
broke a story about major security flaws with Vodafone’s Siebel data
system — including that private call records could be illegally
accessed — Vodafone investigators had discussions about searching her
phone records to find the Vodafone sources for the story.
“If the issue relating to breaching the reporter’s privacy by
searching her private call records and text messages gets into the
public domain, this could have serious consequences given it is a
breach of the Australian Telecommunications Act,” Mr Yates writes to his
global counterpart Mr Knowlton. “And (it) would certainly destroy all
of the work done by VHA (Vodafone Hutchison Australia) over the past
months to try and restore their reputation.”
Further fuelling the
situation, O’Brien is the wife of NSW Deputy Police Commissioner Nick
Kaldas, a fact noted by Mr Yates in his email. O’Brien declined to
comment yesterday.
One of two potential whistleblowers named by
Mr Yates in the email, former Vodafone investigator Mark Burridge, has
since committed suicide. Mr Burridge and the other potential
whistleblower named in the email, former Vodafone investigator Wayne
Hancock, have since the Yates email been accused of stealing used phones
from the company. Mr Hancock is understood to vigorously deny the
allegations.
O’Brien’s 2011 article revealed breaches with
Vodafone’s Siebel system meant the call records and details of Vodafone
customers — including home addresses, and driver’s licence and credit
card details — had been available on the internet.
The security
flaw came about in part because Vodafone had stored the information on a
website so it could be accessed from any computer rather than on a
secure internal system. At that time, Vodafone Australia was under
pressure with customer frustration over poor mobile coverage, which
included a class action by more than 9000 customers.
In what could
prove particularly damning for Vodafone, the Yates email suggests the
company actively covered-up from authorities the extent of the security
breaches uncovered by O’Brien.
Following her story, Vodafone
executives allegedly “told the press, the NSW Privacy Commissioner and
other high-profile Australian agencies that the breach was a one-off
incident”.
Vodafone Hutchison Australia has strongly denied any allegations of improper behaviour.
Source: Supplied
Source: Supplied
