A hacker has stolen the names, addresses and bank account numbers of about 2 million Vodafone Germany customers who should beware that criminals may now try to elicit other information such as passwords, the company said.
The mobile phone operator, which has around 32 million clients in Germany said that the hacker, who had gained access to one of its servers, had not obtained any passwords, security numbers or connection data.
"It is hardly possible to use the data to get direct access to the bank accounts of those affected," the mobile phone network operator said in a statement.
But it warned customers that criminals could launch so-called "phishing" attacks, using fake e-mails, to try to trick them into revealing more details.
"This attack was only possible with the utmost criminal energy as well as insider knowledge and happened deep within the IT infrastructure of the company," Vodafone said.
A source close to the company, who declined to be named, said the investigation was looking into a person who was working for a sub-contractor for Vodafone's administration system.
Privacy and personal data are sensitive issues in Germany due partly to a history of heavy surveillance of citizens in the former communist East and under Nazi rule.
There has also been public indignation over reports of US snooping based on documents leaked by fugitive former National Security Agency contractor Edward Snowden.
The scandal unleashed by Snowden, which has filled German newspapers for weeks, has become a major headache for Chancellor Angela Merkel ahead of a September 22 election.
"This may well be one of the largest cases of personal data thefts for German customers," Mikko Hypponen, chief research officer at internet security company F-secure said.
In a previous major international case, which also involved Germans amongst others, data was stolen more than two years ago from almost 80 million user accounts of Sony's PlayStation Network.
And in 2009 in the United States, a hacker called Albert Gonzalez pleaded guilty to stealing tens of millions of payment card numbers by breaking into corporate computer systems at companies such as 7-Eleven and Target.
Vodafone said it was working with police to investigate the matter and had sealed the ports the hacker had used to access its servers.
A special cybercrime unit in the state of North Rhine-Westphalia has taken the lead in the case, the public prosecutor said.