Vodafone Australia Employee Searched Journalist's Phone Records To Find Source

An anonymous reader writes: In 2011, a journalist named Natalie O'Brien published a series of stories on security problems in Vodafone's Siebel data system. "Customers' home addresses, driver's licenses and credit card details were all available online, O'Brien wrote, and criminal groups were paying for customers' private information." Now, Vodafone Australia has admitted that an employee went through her phone and text records to try and figure out who her sources were within the company. O'Brien wrote, "The invasion of privacy is devastating. It plays with your mind. What was in those texts? Who were they to? What did they see? What did they do with the information?" Despite the admission, Vodafone has denied that it engaged in improper behavior (PDF). The company says it found no evidence the employee was directed to do so by management. That said, leaked emails show management became aware of the privacy breach and its potential repercussions as early as 2012.

Re:"Just a totally rogue employee, not us"

[wonkey_monkey]

If any member of your team is caught or killed, Vodafone will disavow all knowledge of your actions.

This tape will self destruct in five minutes, mate.

Way to take the initiative

[DumbSwede]

So... some guy in the data-center just take it upon himself to go look up the info on some journalist, ‘cause you know that’s what IT guys do all day long, look up stuff on people with no direction.

The company has very strict
controls and processes around the privacy of customer information, and has appointed a dedicated privacy officer.

So glad they have this in place, seems to be doing a bang up job. I can totally see how some low level employee would totally disregard this to dig up dirt on a Journalist and her accomplices. Because, you know, there’s so much in it for the low level employee.

Overzealous/psychotic management

[nimbius]

Its not uncommon to have middle management or even upper management that get a little overzealous with the amount of power they wield.

Working for a hosting company, I once had a manager that was absolutely furious that we hosted a domain that endorsed abortions and facilitated service provider interactivity. my manager didnt have access to the accounts database, but she knew members of her team surely did. She wanted log summaries of people who visited, which is a request that has to go through InfoSec. Once they denied it based on lack of a warrant, she started trolling the team for info during lunch. The fact that we dont obsess over every single site, let alone her problem child, seemed to make her upset. She submitted 3 requests for content review by the abuse department, and finally quit when their manager kept sending the original report back. She hit all of us up for accounts information for the user, and even tried logging in as the tape backup administrator after finding their username in some documentation. She was eventually fired after trying to tie our performance raises for the account information.

You laugh but Costas Tsalikidis was found hanged

Funny, except for a few things:

Vodafone have been revealed to be the major company helping GCHQ spy on its own people and allies.
Vodafone was the mobile network that spied on Greece ministers during the Olympics.
Costas Tsalikidis, their engineer was found dead (hanged) when the bugging was discovered.

http://spectrum.ieee.org/telecom/security/the-athens-affair

So yeh ha ha ha +5 funny.