Vodafone Hutchison Australia said it has sacked an undisclosed number of staff after weekend reports that unauthorised parties had obtained log-in details to the telco's customer database.
In a statement, the chief executive Nigel Dews said that the incident had also been referred to the NSW Police, although an internal investigation and IT security review was still ongoing.
Dews said that the company would bring forward several security-related initiatives it had planned for this year.
"We will also be conducting an additional independent security review," Dews said.
The telco also faced a probe from the Australian Privacy Commissioner, which Dews said Vodafone would cooperate fully with.
Vodafone had allowed retail and dealer staff to log into the telco's Siebel CRM system that contained the names, dates of birth, PIN, drivers license numbers and addresses of about four million users.
However, news reports alleged that log-ins to the system had fallen into the wrong hands, allowing external parties - including journalists - the ability to search Vodafone's customer database.
Criminal groups were reportedly paying for Vodafone customer information, while other people used the database to "check their spouses' communications", according to the initial news reports.
Vodafone denied the information was ever publicly available and also moved to reassure customers that their credit card details were "securely protected".
Copyright © iTnews.com.au . All rights reserved.
Issue: 324 | February 2014
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.