Over the weekend, reports emerged that Telstra was the latest casualty in a number of data breaches experienced this year. Australia’s incumbent telco apologised, saying customer details were exposed ‘accidentally’.
What happened was that a “misalignment of databases” meant the details of some unlisted customers were made available via directory assistance or the White Pages.
While not the result of a cyber attack, Telstra accidentally published the names, numbers and addresses of some unlisted customers. per Per a report by the Australian Associated Press, published on The Guardian, details on up to 130,000 customers are believed affected by the breach, but the ABC this morning is reporting the number as closer to 150,000. Gizmodo Australia has reached out to Telstra for confirmation on the number and will update this article when we hear back.
“Protecting our customers’ privacy is absolutely paramount, and for the customers impacted we understand this is an unacceptable breach of your trust,” Telstra executive Michael Ackland said in a statement.
“We’re sorry it occurred, and we know we have let you down.”
After praising the telco’s customer service, Ackland also added: “We acknowledge that we still get it wrong too often and we simply must do better.”
Telstra is contacted impacted customers and is offering free services to combat identity theft. The telco also said it’s working on pulling the details from online databases.
But what exactly happened?
As part of Telstra’s regulatory obligations, it is responsible for providing Directory Assistance services and the White Pages.
It recently discovered an error which resulted in some customers’ names, numbers and addresses being listed when they should not have been. This is what it’s saying was the result of a misalignment of databases.
Any further detail is yet to be disclosed.
In early October, Telstra admitted a third party it uses for its staff rewards program had suffered a breach, with “limited” Telstra employee information from 2017 affected by the incident.
The data breach is believed to affect around 30,000 current and former staff, with their names and email addresses posted on what is believed to have been the same forum as the Optus customer data was. 12,800 of the names leaked were still employed by Telstra.