Hackers have stolen the data of O2 customers from a database operated by Aerial Direct, which is O2’s largest direct business partner in the UK and has more than 130,000 customers. The company provides IP telephony services and equipment, including mobile, fixed lines, as well as call, broadband, conferencing and hosting telecoms.
Aerial Direct’s data breach notification sent to the customers revealed that an unauthorized third party had been able to access customer data on 26 February through an external backup database.
“We recently became aware that some of our customers’ personal information stored on one of our databases has been accessed without permission. To reassure you, the database did not include any passwords or financial details, such as bank account number or credit card information.” reads the data breach notification published by the company.
The database contained personal information belonging to current and former subscribers from the last six years.
The exposed records names, dates of birth, business addresses, email address, phone numbers, and product information. Aerial Direct confirmed that no passwords or financial information accessed by hackers.
Once the company became aware of the security breach, it shut down access to its system and launched an investigation with the help of experts.
Aerial Direct reported the incident to the Information Commissioner’s Office.
The company announced that is currently working to further enhance the security of its architecture with the help of “relevant experts”.
Customers can contact the support website to receive information about the security breach, the company is recommending them to change their passwords.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.