Skip to main content

O2 customers get sophisticated phishing emails, company denies breach

O2's customers suspected the company suffered a serious security breach, as they started receiving sophisticated phishing emails.

The subscribers claim the emails included their name, email address, date of birth, as well as various details about the users’ data plans and monthly payments, The Register reports.

The emails were about VAT, but O2 shifts the blame back to the users.

"O2 are saying it's a 'phishing email' and that 'no data has been compromised', which seems rather odd as there's no way that amount of data could or should be publicly available. I suspect a very detailed data breach in O2”, a user told The Register.

O2, on the other hand, says their systems weren’t breached. In a statement to The Register, they said:

“We investigated this phishing scam and found no evidence of customer information coming from O2. We believe the scammers gathered the information from other sources in an attempt to make the phishing email as authentic as possible. Sources of information can include a compromise of the user’s computer/laptop (e.g. via the inadvertent loading of key loggers / other malware). This information can then be used by the scammers in targeted phishing emails to make the user think they are genuinely sent from the originator because it appears to contain accurate information to the user.”

Even so, O2 notified the data watchdog, Information Commissioner's Office (ICO), “out of courtesy”.

"Whilst there’s no evidence that the information came from O2, we’ve notified the ICO out of courtesy," a spokeswoman at the company said.