Sergiu Gatlan reports:
The German data protection authority (BfDI) has fined Vodafone GmbH, the telecommunications company’s German subsidiary, €45 million ($51.4 million) for privacy and security violations.
“Due to malicious employees in partner agencies who broker contracts to customers on behalf of Vodafone, there had been fraud cases due to fictitious contracts or contract changes at the expense of customers, among other things,” BfDI said on Thursday.
BfDI imposed a €15 million fine on Vodafone GmbH for failing to monitor partner agencies whose employees made unauthorized contract changes or tricked customers into signing fictitious contracts.
The British multinational telecommunications company was hit with a second €30 million fine for authentication vulnerabilities of its MeinVodafone (“My Vodafone”) and the company’s hotline, which allowed attackers to access customer eSIM profiles.
Read more at BleepingComputer.