Share this article on:
Australia’s largest telco, Telstra, has issued a public apology after the public data of thousands of its customers was published online.
The incident saw the names, numbers and addresses of 130,000 unlisted customers published on Directory Assistance and White Pages.
Unlike the recent wave of data breaches affecting Optus, Medibank and more, Telstra has said that the incident was not the result of a bad actor or a cyber attack, but “was a result of a misalignment of databases”.
“As soon as we became aware, we started work to remove the identified impacted customers from the Directory Assistance service and the online version of the White Pages,” said Telstra chief financial officer Michael Ackland in a press release.
“We’re in the process of contacting every affected customer to let them know, and to offer free support through IDCARE.
“We are conducting an internal investigation to better understand how it happened and to protect against it happening again.”
While not the result of a cyber attack, the latest breach comes as the cyber security minister and the federal government look to crack down on businesses that poorly manage sensitive data.
The fine for businesses affected by “serious” or “repeated” breaches was raised from $2.2 million to $50 million.
In addition, questions have been raised as to whether companies should be holding on to data that is no longer relevant, such as information belonging to former customers.
Telstra concluded its press release with an apology, maintaining that security was its main focus.
“Protecting our customers’ privacy is absolutely paramount, and for the customers impacted we understand this is an unacceptable breach of your trust,” added Ackland.
“We’re sorry it occurred, and we know we have let you down.
“Our customer service has come a long way in recent years, including in truth-telling about our mistakes — it is part of what drives us to make change. We acknowledge that we still get it wrong too often and we simply must do better.”
Telstra suffered a small data breach only two weeks after the Optus breach that occurred in September. The breach saw employee data dating back as far as 2017 accessed by cyber criminals.