Australian telco Telstra has said that an internal IT error was the cause of a data leak affecting hundreds of thousands of customers.
The company said on 9 December that it had discovered an error that caused customers’ names, numbers, and addresses being listed on the Directory Assistance services and the White Pages.
The White Pages are a directory of contact information for people and businesses in Australia, while the Directory Assistance is used to search for a phone number of a person or business listed in the pages. The services used to be government-owned and are now privatised, and as part of Telstra’s regulatory obligations, it’s responsible for providing both to the public.
The country’s biggest telco said that a misalignment of databases was to blame for the leak, although it has not specified further. It added that no malicious cyber activity was involved.
“As soon as we became aware, we started work to remove the identified impacted customers from the Directory Assistance service and the online version of the White Pages,” said Michael Ackland, chief financial officer (CFO) and group executive of Strategy & Finance at Telstra.
Telstra is also contacting every customer affected in the incident and will offer them free assistance with IDCARE, a charity that provides national identity and cyber support to Australia and New Zealand.
The company said it is carrying out an internal investigation to understand the full scope of the incident. It added that protecting its customers’ privacy was paramount and that the incident was considered a breach of customer trust.
Telstra was also hit with a data breach at the start of October 2022, which involved the unauthorised access of employee details. It said at the time a third-party platform had been attacked and was used to access its data. The data was confined to company employees and dated back to 2017, with around 30,000 people reportedly affected.
Fellow Australian telco Optus experienced a similar attack just two weeks before the October Telstra incident, which saw the leaking of sensitive customer data online. The data included names, phone numbers, email addresses and, in some cases, passport and driving licence numbers.
-
300 days under the radar: How Volt Typhoon eluded detection in the US electric grid for nearly a yearAnalysis Lengthy OT lifespans give attackers time to penetrate networks underpinning critical infrastructure and plan future disruption
-
The business value of Zscaler Data ProtectionWhitepaper Understand how this tool minimizes the risks related to data loss and other security events
-
Why your business needs zero trustWhitepaper How zero trust can right the wrongs of legacy security architecture
-
Definitive guide to ransomware 2023Whitepaper A guide to help rethink your defence against ransomware threats
-
Why Fulham FC’s geography makes running IT so challengingCase Study Fending off cyber criminals and keeping equipment updated on match days is more difficult than you might think
-
Hardware security and confidential computing in server platformswhitepaper Computing security is central to IT infrastructure transformation
-
Capita cyber attack could cost firm up to $25 million in feesNews Capita’s costs in the wake of a cyber attack could exceed expectations, experts have warned
-
Capita finally admits breach affecting 4% of its servers
News It also allegedly misled the public about when the breach took place
