Vodafone Australia has confirmed it believes its secure customer database has been breached by an employee or dealer who has shared the access password, revealing the personal details of millions of customers.
Vodafone chief executive Nigel Dews says he became aware the password to the online portal had been shared when the company was tipped off by a reporter on Saturday.
He says an internal investigation is underway to work out who breached the system and how.
Passwords will also be reset.
Mr Dews says a full report will be delivered on Monday but at this stage he believes it is a one-off incident rather than a widespread problem.
Vodafone says only Australian customers have been affected.
According to Fairfax newspapers, criminal groups are paying for the private information of some customers including home addresses and credit card details.
Others have also obtained logins to check their spouse's communications.
The details are reportedly accessible from any computer because they are kept on an internet site rather than Vodafone's internal system reports the ABC.
Mobile phone dealers have also admitted that anyone with full access to the system can look up a customer's bills and make changes to accounts.
