Telstra blames IT blunder for leak of 130,000 customer records

(Image credit: Getty Images)

Australian telco Telstra has said that an internal IT error was the cause of a data leak affecting hundreds of thousands of customers.

The company said on 9 December that it had discovered an error that caused customers’ names, numbers, and addresses being listed on the Directory Assistance services and the White Pages.

Australia to hunt down hackers, sets 'most cyber-secure country by 2030' target Embattled Medibank faces 48-hour outage as cyber security upgrade begins Telstra suffers 'sizeable' data breach, mandates two-step security upgrade

The White Pages are a directory of contact information for people and businesses in Australia, while the Directory Assistance is used to search for a phone number of a person or business listed in the pages. The services used to be government-owned and are now privatised, and as part of Telstra’s regulatory obligations, it’s responsible for providing both to the public.

The country’s biggest telco said that a misalignment of databases was to blame for the leak, although it has not specified further. It added that no malicious cyber activity was involved.

“As soon as we became aware, we started work to remove the identified impacted customers from the Directory Assistance service and the online version of the White Pages,” said Michael Ackland, chief financial officer (CFO) and group executive of Strategy & Finance at Telstra.

Telstra is also contacting every customer affected in the incident and will offer them free assistance with IDCARE, a charity that provides national identity and cyber support to Australia and New Zealand.

The company said it is carrying out an internal investigation to understand the full scope of the incident. It added that protecting its customers’ privacy was paramount and that the incident was considered a breach of customer trust.

Telstra was also hit with a data breach at the start of October 2022, which involved the unauthorised access of employee details. It said at the time a third-party platform had been attacked and was used to access its data. The data was confined to company employees and dated back to 2017, with around 30,000 people reportedly affected.

Fellow Australian telco Optus experienced a similar attack just two weeks before the October Telstra incident, which saw the leaking of sensitive customer data online. The data included names, phone numbers, email addresses and, in some cases, passport and driving licence numbers.

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.