Pacnet, the Asian telco services provider Telstra acquired for nearly a billion dollars, has experienced a data breach.
Telstra held a rushed conference call this afternoon to brief the media on the issue. Telstra's Group Executive of Global Enterprise Services, Brendon Riley, said that during the settlement process for Pacnet, the services provider informed Telstra that its corporate IT network had experienced a "security vulnerability" which had enabled third-party access to their back-of -house infrastructure. Pacnet had been working on the issue and Telstra took immediate action on finalisation of the purchase back in April.
The network was breached due to an SQL vulnerability that saw "malicious software" uploaded to the network, Riley added in a statement.
As a result, Telstra has told customers that "admin and user credentials" have been stolen. While Telstra won't confirm how many customers were affected, it did let slip that the Australian Federal Police are customers who are currently being notified.
Telstra said in its statement that there hasn't been any connection between the Pacnet network and Telstra's network, adding that Telstra customer details are safe.
Telstra sent its security experts to Hong Kong to conduct a detailed assessment of the situation, and have since closed the breach. Riley said that the perpetrators haven't come forward to identify themselves following the breach, and added that finding them will be very difficult.
"While we will look into who was behind the breach we may never know as attribution is very difficult. We have not had any contact from the perpetrators nor do we know the reason behind this activity.
Our focus at this time is not on attribution. It is on working with our customers and staff to help them understand what has occurred."