The privacy commissioner will investigate Vodafone for a possible privacy breach after customer information was leaked on the internet.

Timothy Pilgrim said: "All organisations should ensure the security of their customers’ personal information, or risk breaching the Privacy Act and causing serious customer dissatisfaction and possible loss of business as a result."

Vodafone has launched its own investigation and suspects the breach was due to an employee or dealer, who had access to the customer database.

The mobile phone and mobile broadband provider reassured customers their data is not freely available on the internet and has been changing the password to its database once every 24 hours as a precaution.

"Customer information is not publicly available on the internet and credit card details are encrypted and secure," Vodafone's director of customer service, Cormac Hodgkinson, said in a statement.

Vodafone is working with Office of the Australian Information Commissioner to investigate the issue, the telco added.

The breach came to light after the Sun Herald published a report alleging criminal gangs had been paying for Vodafone customers' information, such as names, driving licence numbers and credit card details.

Vodafone holds this information on a database, accessible over the internet with a login and password, allowing stores and dealers to help customers make changes to their account.