Telstra privacy breaches

December 12, 2011

There has been widespread reportage of privacy breaches at the Telstra BigPond site last weekend.

Typical of the reportage is the Herald Sun article, which reads:

The majority of BigPond email users have been reconnected after a privacy breach shut down the system for more than 24 hours.

“BigPond email has been restored for the majority of customers and other services are being progressively restored now,” Telstra said in a statement on Saturday afternoon.

“As a precaution, we are resetting the passwords of around 60,000 customers whose password or user ID may have been inadvertently displayed.

“We are expecting the actual number of customers whose user ID and/or password details were displayed to be significantly less than this.

“We will be in contact with all of these customers but it will take some time.”

Customers who need help can call 1800 991 053.

A full investigation is underway, Telstra says.

Telstra says it was made aware of the breach about four o’clock (AEST) yesterday afternoon and disabled its online billing, BigPond self-care and My Account functions on its website an hour later.

Account details of just under one million Telstra customers were potentially compromised when the customer service website was openly accessible on the web.

Telstra says the services are still not available and many passwords will have to be reset, but a full investigation is underway.

The personal details of customers were exposed on the internet after an internal search system used by the telecommunications giant’s customer service staff was made public.

The site listed customers on bundle plans and included their names, plan types, email addresses and passwords, and any contact they had had with Telstra customer service staff.

Personal data of up to a million Telstra customers could have been breached because of a bungle by Telstra.

A web user found the site after Googling a Telstra customer service phone number yesterday afternoon. They then posted it on a forum.

A spokeswoman from the Australian Communications Consumer Action Network said Telstra should be held accountable for its customers’ privacy.

“It almost defies belief that a company like Telstra did allow a leak like this to happen, they have a responsibility to their customers to ensure their data is kept private and they are a repeat offender,” she said.

“We expect there will be a full investigation and expect that organisations prevail to keep their customers’ information private and are held to account.”

Reports suggested credit check details were also available, but a Telstra spokeswoman said she was not aware of this data being available.

“I’m fully confident the exposure did not include credit details but we’ll investigate and get to the bottom of this, and our customers will be the first to know,” she said.

Telstra hastily removed the website about 5pm yesterday.

It also disabled its online billing, BigPond self care and My Account functions.

A Telstra spokeswoman said it was unclear how many accounts had been accessed.

“We apologise to customers who may have been impacted by this issue,” she said.

“Telstra takes its customers’ privacy seriously.”

The spokeswoman said it was not known how long the site had been accessible.

“The site has been disabled and a full investigation is under way.”

The telco alerted the Privacy Commissioner to the breach yesterday and will contact affected customers within the next week.

Late last year Telstra sent the details of more than 60,000 customers to wrong addresses in a mail-out blunder.

The Privacy Commissioner ruled that bungle was human error and Telstra was not to blame.

 

 
