Cyber Incident Victim: Vodafone GmbH
Date:
Mar 2023
Location:
Germany
Summary
A cybersecurity incident impacting Vodafone's Callya prepaid services occurred following a sophisticated cyberattack targeting IT provider Materna, suspected to involve ransomware. The incident prompted Vodafone to preemptively disable online sales and registration platforms for Callya products to safeguard systems and customer data, though alternative booking channels remained functional. While Materna restored operations with newly configured systems isolated from compromised infrastructure, investigations confirmed no customer data exfiltration. The attack also disrupted other Materna-dependent services, including airport check-in systems in Germany, highlighting broader collateral effects on the provider's client ecosystem amidst rising ransomware threats targeting critical infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late March 2023, the IT service provider Materna experienced a cybersecurity incident that disrupted Vodafone Germany’s prepaid "CallYa" services. The incident followed what Materna described as a "professionally executed cyberattack" targeting its infrastructure, which also impacted multiple clients relying on its systems. Vodafone, one of Materna’s customers, preemptively disconnected CallYa-related services provided by Materna as a precautionary measure to safeguard systems and customer data. This action resulted in the temporary suspension of online sales and new customer registrations for CallYa SIM cards through Vodafone’s website. The outage persisted for several weeks, beginning shortly after Materna publicly acknowledged the breach. Though Materna did not explicitly confirm the nature of the attack, sources familiar with the incident indicated it was likely ransomware. The company stated it had identified the attack vector and timeline but did not disclose technical specifics, citing ongoing investigations.
Materna initiated recovery efforts by deploying newly configured or reinstalled systems that had no prior connection to the compromised infrastructure, restoring operational capacity across its workforce. The company’s website resumed functionality by the Friday following the incident. Both Materna and Vodafone emphasized forensic reviews found no evidence of customer data exfiltration during the breach. Vodafone announced plans to resolve the CallYa service limitations promptly while directing users to alternative booking channels during the disruption. The attack’s downstream effects extended beyond Vodafone, causing operational failures at German airports where Materna-managed check-in kiosks became inoperative. The incident occurred amid heightened cyberattack activity globally, with entities such as health insurer BIG Direkt and technology firm Western Digital reporting similar breaches during the same period, underscoring systemic vulnerabilities across critical service providers.