In December 2020, ho.Mobile, a second brand in Italy, suffered a data breach and part of a database holding customer data was accessed by a third-party; no financial information, passwords, or mobile traffic data relating to calls, texts or web activity was involved. As a subsidiary of the Vodafone Group, we utilised our existing global incident management framework. Ho. Mobile took a proactive approach and immediately informed affected customers and regulators, enhanced security protections, remotely reissued SIM serial numbers to prevent any misuse, and offered free replacement SIMs to the entire customer base. Ho. Mobile also notified local law enforcement and made the required disclosures to the Italian Data Protection Authority. Ho. Mobile uses distinct and separate IT systems to Vodafone Italy and the rest of the Vodafone Group.
Vodafone classifies security incidents according to severity, measured by business and customer impact. The highest severity category corresponds to a significant data breach or loss of service caused by the incident. In the 2020-2021 financial year, the only such incident was the ho. Mobile incident discussed above.
This incident was classified as most severe because it involved part of a database holding customer data.