Hackers have stolen the data of O2 customers from a database operated by Aerial Direct, which is O2’s largest direct business partner in the UK and has more than 130,000 customers. The company provides IP telephony services and equipment, including mobile, fixed lines, as well as call, broadband, conferencing and hosting telecoms.
Aerial Direct’s data breach notification sent to the customers revealed that an unauthorized third party had been able to access customer data on 26 February through an external backup database.
“We recently became aware that some of our customers’ personal information stored on one of our databases has been accessed without permission. To reassure you, the database did not include any passwords or financial details, such as bank account number or credit card information.” reads the data breach notification published by the company.
The database contained personal information belonging to current and former subscribers from the last six years.
The exposed records names, dates of birth, business addresses, email address, phone numbers, and product information. Aerial Direct confirmed that no passwords or financial information accessed by hackers.
Once the company became aware of the security breach, it shut down access to its system and launched an investigation with the help of experts.
Aerial Direct reported the incident to the Information Commissioner’s Office.
The company announced that is currently working to further enhance the security of its architecture with the help of “relevant experts”.
Customers can contact the support website to receive information about the security breach, the company is recommending them to change their passwords.