More than 130,000 Telstra customers have had their personal details leaked online due to an internal error.
The telecommunication giant on Dec. 9 said some customers’ names, addresses, and phone numbers were incorrectly listed on the White Pages and Directory Assistance Services websites that the company is responsible for providing.
Telstra said no cyber activity was involved and called it “a result of the misalignment of databases.” No customer account information was included in the error.
“We are removing the identified impacted customer details from the Directory Assistance service and the online version of the White Pages,” Telstra Chief Financial Officer Michael Ackland said in a statement.
“We are in the process of contacting every impacted customer to let them know has occurred and offer free support from IDCARE.”
In a note to staff on Saturday, Telstra’s communications chief Alex Badenoch said the breach came from a third party that used to provide a rewards program called Telstra’s Worklife NAB for staff.
“We understand this may cause some anxiety to our people, particularly in the current climate of heightened awareness around cyber security,” she said, according to Sky News.
“If you wish to find out more about the breach, or to find out if your email address was exposed, please contact our cyber team.
“In the meantime, we remind you as always to remain vigilant about any unexpected communications.”
Telstra is conducting an internal investigation to better understand how the error happened and to “protect against it happening again.”
The company also apologised for the data release, saying it’s an “unacceptable breach” of customers’ trust.
“Protecting our customer’s privacy is absolutely paramount, and for the customers impacted we understand this is an unacceptable breach of your trust.
“We’re sorry it occurred, and we know we have let you down.
“Our customer service has come a long way in recent years, including in truth-telling about our mistakes—it is part of what drives us to make change. We acknowledge that we still get it wrong too often and we simply must do better.”
Latest In Wave of Data Breaches
Telstra is the latest corporation to see its customer details incorrectly published online after telecommunication giant Optus and Australia’s largest health insurer Medibank became victims of cyber attacks.
In November, Russian hackers stole the personal information of 9.7 million former and current Medibank customers, including names, birth dates, addresses, email addresses, and phone numbers.
Data has released publicly in waves after the health insurance company announced it would not be paying the US$10 million ransom demand. The data breach is expected to cost the company up to $35 million (US$24 million).
In September, an alleged attacker called ‘OptusData’ released 10,000 customer records and threatened to leak more if the Australian telecommunication giant refuses to pay them US$1 million in cryptocurrency.
The text leak contained names, dates of birth, email addresses, driver’s licence numbers, passport numbers, Medicare numbers, phone numbers, and address information, as well as more than a dozen state and federal government email addresses.
But the hacker later retracted the threat and claimed they deleted their copy of the Optus data.“Too many eyes. We will not sale [sic] data to anyone. We can’t if we even want to: personally deleted data from drive (Only copy),” they said in a post.