Skip to main content

O2 customers get sophisticated phishing emails, company denies breach

O2's customers suspected the company suffered a serious security breach, as they started receiving sophisticated phishing emails.

The subscribers claim the emails included their name, email address, date of birth, as well as various details about the users’ data plans and monthly payments, The Register reports (opens in new tab).

The emails were about VAT, but O2 shifts the blame back to the users.

"O2 are saying it's a 'phishing email' and that 'no data has been compromised', which seems rather odd as there's no way that amount of data could or should be publicly available. I suspect a very detailed data breach in O2”, a user told The Register.

O2, on the other hand, says their systems weren’t breached. In a statement to The Register, they said:

“We investigated this phishing scam and found no evidence of customer information coming from O2. We believe the scammers gathered the information from other sources in an attempt to make the phishing email as authentic as possible. Sources of information can include a compromise of the user’s computer/laptop (e.g. via the inadvertent loading of key loggers / other malware). This information can then be used by the scammers in targeted phishing emails to make the user think they are genuinely sent from the originator because it appears to contain accurate information to the user.”

Even so, O2 notified the data watchdog, Information Commissioner's Office (ICO), “out of courtesy”.

"Whilst there’s no evidence that the information came from O2, we’ve notified the ICO out of courtesy," a spokeswoman at the company said.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.