Vodafone 2013 Data Breach

Vodafone Iceland Telecom Breach (2013): Customer SSN, Credit Card Data, SMS Messages & Passwords Exposed via Turkish Hackers | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Maxn3y / Agent (Turkish hacktivist collective)MisconfigurationTelecomCredit CardEmail AddressFull NameGovernment IDIP AddressMessages & ChatPassword
High SeverityWebsite / service breach

Vodafone Iceland Telecom Breach (2013): Customer SSN, Credit Card Data, SMS Messages & Passwords Exposed via Turkish Hackers

Global telecommunications provider offering mobile, broadband, and enterprise services.

Verified by ObscureIQ Intelligence
65/100Breach Risk Index
67Data Value
10Market Recency
4531dSince Breach

Breach Intelligence Summary

Entity: Vodafone · Actor: Maxn3y / Agent (Turkish hacktivist collective) · Sources: 3 references
Attack: Misconfiguration
Profile: Company · Telecommunications services · Mobile network operator · Global
Timeline: Breach (2013-11-30) · Indexed (Nov 30, 2013) · Year (2013)
Exposure: 56K records · 11 fields: Credit Card, Email Address, Full Name, Government ID, IP Address, Messages & Chat, Password, Phone Number, Physical Address, Transaction History, Username
Status: Confirmed

Executive Summary

Vodafone Iceland, the Icelandic affiliate of the Vodafone Group, was breached on November 30, 2013 by the Turkish hacktivist collective Maxn3y, also operating under the handle Agent. The attackers defaced the company's website and posted a 61.7-megabyte archive containing SQL dumps of customer database tables. The archive included user accounts, SMS history files, multimedia tracking logs, and account-manager records. Vodafone Iceland initially denied that confidential data had been exposed and retracted the denial within twenty-four hours after public review of the dump confirmed otherwise.\n\nThe published dataset covered approximately 56,000 unique email addresses, with related accounts spanning a larger total of around 77,000 records. Compromised fields included usernames, email addresses, names, physical addresses, phone numbers, IP addresses, encrypted passwords, government identifiers (Iceland's kennitala national ID number), credit card data, purchase records, and SMS message content. The SMS dump dated to 2011 and included correspondence among Icelandic politicians, some of it politically sensitive, which drew local media attention beyond standard breach coverage.\n\nFor affected individuals, the practical risk profile is distinct because of the inclusion of message content alongside identity and financial fields. The kennitala is a stable government identifier used widely in Iceland for identity verification, banking, and tax purposes, and combined with name, address, and date of birth it supports identity-verification bypass long after the original disclosure. Credit card data exposed in the original dump is no longer current, but historical SMS message content involving named individuals creates lasting reputational risk. Anyone who held a Vodafone Iceland account during the affected period should treat their kennitala and historical contact data as exposed, monitor for unusual financial activity, and remain alert to any unsolicited contact referencing past Vodafone services.

ObscureIQ assessment: Severe risk of SIM swap fraud, phishing, account takeover, and identity theft. Telecom records are high-value because they support both direct fraud and broader account recovery abuse.

Breach Impact

The institutional impact of the 2013 attack on Vodafone Iceland was severe in the local context. The company initially denied that confidential customer data had been compromised, then publicly retracted that denial within twenty-four hours and apologized after the leak's contents became visible to anyone with the rar-file password. The breach drew significant Icelandic media attention because exposed SMS records included correspondence between Icelandic politicians, some of which was politically sensitive. There is no public record of substantial regulatory penalty or settlement specifically tied to the breach. The reputational damage was concentrated within Iceland's small market, where word-of-mouth and trust effects can outweigh formal regulatory outcomes.

About Vodafone

Vodafone Iceland, operating at vodafone.is, is the Icelandic affiliate of the Vodafone Group, the global telecommunications operator headquartered in the United Kingdom. The Iceland operation provides mobile, broadband, and television services to Icelandic households and businesses. The customer base is necessarily small in absolute terms given Iceland's total population of around 330,000 at the time, which made the 2013 breach unusually large in proportional terms relative to the country. The company maintains the typical telecom customer record set including subscriber identity, contact details, billing data, device information, and service-management records.

Why They Hold Your Data

Mobile network operators collect customer identity, phone numbers, addresses, billing data, device and SIM information, and service records across telecom operations.

Recent Developments

Vodafone Iceland continued to operate following the 2013 incident and has not been publicly tied to a further large-scale breach disclosure. The Vodafone Group has continued to face periodic data-protection scrutiny across its international operations, but no incident at the Iceland affiliate has matched the 2013 attack in scale or sensitivity. The 2013 dataset has periodically resurfaced on data-trading forums in the years since, often re-shared as part of broader compilations of legacy telecom breaches. Iceland's national data-protection authority, Persónuvernd, has continued to operate under updated EU-aligned data-protection law since the original incident.

Data Points Exposed

11 verified field types
Credit Card Critical
Email Address
Full Name High
Government ID Critical
IP Address
Messages & Chat High
Password Critical
Phone Number
Physical Address High
Transaction History High
Username

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Credential stuffing against reused passwords across other platforms
  • Financial fraud using exposed financial profile data
  • Identity theft and synthetic identity construction using government-issued IDs
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Card-present & card-not-present fraud
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Identity fraud with official bodies
  • Geolocation & account flagging
  • SIM swap confirmation & relationship exploitation
  • Credential stuffing & account takeover
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Lifestyle profiling & targeted fraud
  • Cross-platform tracking & credential stuffing

Threat Actor: Maxn3y / Agent (Turkish hacktivist collective)

Maxn3y / Agent (Turkish hacktivist collective)
Misconfiguration

Attribution and method are based on available breach intelligence. Reported attack vector: Misconfiguration.

Recommended Actions

If you believe your information may be included:

Change Reused Passwords
Update this account and anywhere you reused the password; use a manager.
Password manager guide
Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
IdentityTheft.gov
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Vodafone breach?

Vodafone Iceland, the Icelandic affiliate of the Vodafone Group, was breached on November 30, 2013 by the Turkish hacktivist collective Maxn3y, also operating under the handle Agent. The attackers defaced the company's website and posted a 61.7-megabyte archive containing SQL dumps of customer…

What data was exposed?

Verified fields include Credit Card, Email Address, Full Name, Government ID, IP Address, Messages & Chat, Password, Phone Number, Physical Address, Transaction History, Username.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
Have I Been Pwned
Record & field corroboration
Cross-source
BreachForums_Official_Index
Independent catalogue listing
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation