Not a malicious cyberattack. Telstra says sorry after database error results in names, addresses of unlisted customers being released
Australian communications giant Telstra has publicly apologised after it accidentally released the names, numbers and addresses of some unlisted customers.
The Aussie telecoms giant tweeted that the data breach was not the result of a cyberattack, but was in fact a “system error on our end”. Local media reports suggest up to 130,000 customers have been impacted by the breach.
This is a second breach at Telstra in recent times. In October it suffered what it labelled a small data breach, attributing it to third-party intrusion that exposed some employee data going back to 2017. That breach is thought to have impacted 30,000 staffers.
Now Telstra on Sunday in a blog post blamed a “misalignment of databases” and not a cyberattack, which meant the details of some unlisted customers were made available via directory assistance or the White Pages.
The White Pages in Australia is a directory of contact information for people and businesses in the country, which used to be owned by the government before it became Telstra’s regulatory responsibility.
“For the customers impacted we understand this is an unacceptable breach of your trust,” Telstra executive, Michael Ackland wrote in the blog. “We’re sorry it occurred, and we know we have let you down.”
Telstra said it was working to pull the data from the internet.
Affected customers are being contacted and offered free services to combat identity theft.
Telstra’s Ackland added that the telco was investigating how the breach occurred.
“We are conducting an internal investigation to better understand how it happened and to protect against it happening again,” Ackland reportedly said.
“Our customer service has come a long way in recent years, including in truth-telling about our mistakes – it is part of what drives us to make change,” said Ackland. “We acknowledge that we still get it wrong too often and we simply must do better.”
Australia has been in the headlines in the last few months for some notable data breaches.
The Australian government was not all happy in September about a security breach at Optus, the second largest mobile operator in Australia.
The operator, owned by Singapore Telecommunications Ltd, confirmed that a cyberattack had compromised the data belonging to millions of its customers.
As many as 9.8 million accounts were compromised, equivalent to 40 percent of Australia’s population. Stolen data includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s licence or passport numbers.
Then in October Australia’s leading health insurer Medibank found itself being blackmailed by Russian hackers, after they stole 200GB of Australian patient data, including names, addresses, phone numbers, dates of birth, financial data, and in some cases actual medical data including abortions etc.