[BreachExchange] Telstra customer stumbles across contact details of 66, 000 fellow customers
Destry Winant
destry at riskbasedsecurity.com
Mon Jul 30 23:27:22 EDT 2018
https://www.9news.com.au/national/2018/07/27/18/31/telstra-privacy-breach-66000-customers-contact-details-leaked
A 63-year-old layman, who admits he isn’t a “tech-savvy person”, has
somehow been able to access a Telstra database containing the contact
details of their customers.
Robert Irvine has told 9NEWS he had an issue with his email and
thought he might be able to fix it by logging on to his Telstra
account.
Once he signed in, he put in the search term “email” and it returned
66,500 results containing names, addresses, email addresses and phone
numbers.
“It was so easy it was unbelievable,” Mr Irvine said. “I actually
checked it a couple of times to make sure it wasn’t by accident. I
could easily access the information.”
The first result Mr Irvine discovered was for a man employed by the
Department of Defence.
“I got through to his phone and I got his answering machine. So I
didn’t speak to him but I checked that this was all real,"
“I was shocked when I saw the person’s personal email address, his
phone number, a shift phone number and there is information on there
about job positions as well.”
Kimberley Cox was another Telstra customer whose information Mr Irvine
was able to access.
“I’m actually in a lot of shock,” she told 9 NEWS.
“I didn’t get contacted by [Telstra] at all or notified that this has
happened. How does something like this even happen? Especially in
today’s world where we have all these great privacy acts.”
Telstra has since apologised for the issue which is now under
investigation. It says the database Mr Irvine was able to access was
for planned network interruptions through a site called “Your Telstra
Tools”. Telstra pulled down the site when alerted to the data error by
9NEWS.
“We will keep that site and access to that service down for all of our
customers until we are fully satisfied that any and all issues have
been resolved,” said Telstra Head of Sales and Service, Michael
Ackland.
“Our IT security team is investigating all of those angles and issues
right now and we will not move forward with bringing back access to
those tools until we are completely satisfied any and all issues have
been resolved.”
Telstra has also since identified two other customers who were able to
access the database like Mr Irvine. It says only 18 customer files
were actually viewed, but just how many customers files Mr Irvine had
the potential to view will form part of their investigation.
“We really do apologise to those customers who have been impacted,”
said Mr Ackland. “We are in the process of contacting those customers
to make sure any of their concerns are resolved.”
More information about the BreachExchange
mailing list