The German Federal Data Protection Commissioner (BfDI) has fined Vodafone GmbH a record 45 million € for gross breaches of customer privacy and security vulnerabilities.
The investigation found that employees of the company’s partner agencies committed fraudulent acts by concluding fictitious contracts or making unauthorized changes to existing contracts. Vodafone was fined €15 million for inadequate partner monitoring.
Vodafone is one of the world’s leading telecommunications operators, serving more than 330 million users in 15 countries. Despite its global scale, the local breaches in Germany demonstrate weaknesses in security risk management. At the same time, the regulator stressed that the company fully cooperated with the investigation and made significant changes to internal procedures, dismissing questionable partners and strengthening audits.
The case is a stark reminder that transparency, control over partners and a resilient digital infrastructure are critical for consumer trust and compliance with the law. Vodafone has already paid a fine and funded initiatives on media literacy, data protection and combating cyberbullying, but the lesson for other companies is clear: neglecting security has a price.
