A Vodafone customer was shocked to open their latest bill from the telco to find invoices for 18 other customers, complete with their names, phone numbers and addresses.
The customer, alarmed about the potential scale of the privacy breach and whether their own details might have been sent to other customers, alerted Vodafone on its Facebook page on Tuesday night.
The telco responded in a Facebook post on Wednesday morning saying "this sounds very concerning" and asking the customer to contact the company directly with more details.
The 18 accounts - plus part of an account document for a 19th named person - are held by customers throughout the country and included companies. The accounts also showed their pricing plans.
No credit card or banking information was shown.
Vodafone responded to the Herald's first approach to discuss the issue with a short written statement attributed to a spokesman.
It said: "We can confirm a customer received an e-bill with a PDF containing the name, address and phone numbers for an additional 18 customer accounts. There was no credit card or banking information involved in this incident, the only information was related to their mobile account (i.e. name, address, and phone number)
"We apologise to all of those impacted by this incident and our team is in the process of contacting the 18 account holders whose contact details were erroneously added to this customer's bill. We believe this issue was an isolated technical glitch, however we are working closely with our billing delivery partner to investigate and ensure that is the case.
"We have also been in contact with the customer who received the data in error to ask that the original PDF be deleted to further reassure the impacted customers."
The Herald went back to Vodafone.
Asked if any other customers had received other customers' invoices and details with their January bills, the company said initial investigations "have not indicated any additional instances, however we are continuing to work with the third-party billing delivery partner to be sure".
To the Herald suggestion that it appeared the company would be reliant on another customer to raise a red flag, the company said it was reviewing the bill run in question - "at this point in time it appears to be isolated".
As to what sort of "technical glitch" caused the issue, Vodafone responded it was too early to be sure of the root cause.
Asked if such an issue had occurred before, the company said it was also investigating this question.
On measures being taken to ensure no repeat of the incident, the company said it was working with its billing delivery partner on necessary steps to avoid a reoccurrence.
"Once we understand the root cause we will take immediate steps to address the issue."
The Herald put it to Vodafone that while no banking details or credit card numbers were revealed, some people and businesses regard their phone use as highly confidential.
To the suggestion that quite apart from revealing names, addresses and phone numbers, Vodafone had seriously breached customer privacy, the company said:
"We take this matter very seriously and we understand that people's name, address and phone number are personal information. The details of who a customer calls or when they make calls are not included in any of our bills.
"Our privacy, technical and billing teams are reviewing the incident with urgency and will take all appropriate steps as need to reassure customers and prevent any reoccurrence."