Australian telecommunications company Telstra recently publicly apologised for a massive data breach. The large-scale incident resulted in the personal details of over 130,000 of the company’s customers becoming exposed contrary to their wishes. The data breach at Telstra is the latest incident of such scale suffered by an enterprise in Australia.
Private data released against customer wishes
The 132,000 Telstra customers impacted by the breach had formally requested their personal phone numbers not be made available publicly. However, due to an internal error, the personal information belonging to the data subjects was exposed. Chief Financial Officer for Telstra, Michael Ackland, has released a statement apologising and explaining what occurred.
In an interview with Today, he stated that 16,000 of the customers involved in the mistake had their telephone numbers published in the online edition of the popular White Pages directory. He added:
“The balance of the 132,000 were not available online, but were available on directory assistance, which is a service where you call 1234 and you can ask for the phone number of an individual person.”
The CFO explained that Telstra teams had first discovered the data breach when conducting the company’s routine auditing process, commenting:
“We found there were misalignments where customers, who in our databases we believed should have been unlisted, were flagged as listed in the directory assistance database, and those 16,000 customers in the White Pages database.”
Actions following a largescale data breach where PII is exposed
Regarding the steps that Telstra took after identifying the breach, Ackland stated that the company had taken immediate action. It moved quickly to remove all the numbers from the White Pages directory after uncovering the fault. Furthermore, he added that the company was now working to remove the erroneously released data from all the databases providing directory assistance.
The CFO confirmed that Telstra had reached out to all its customers who were impacted by the breach to explain what had happened and to offer them service ID care, free of charge. He added that he believed it was fair for Telstra customers to feel let down after the incident, stating:
“It is unacceptable that this occurred. We of course apologise. Customers have every right to request their service is unlisted which millions of customers do. We’re continuing to review and look at our processes and how we audit and reconcile the databases to ensure it doesn’t happen again.”
Due to the rise in phishing attacks that are delivered via phone, it is becoming increasingly common for many individuals to request that their personal telephone numbers are not available to all. Similarly, many enterprises will advertise a general number for an individual department but keep individual extension numbers of their team members private.
People who have had their telephone numbers exposed in a breach should always be wary of requests for personal or financial details that come via this communication channel. They should also be wary of any calls concerning the company that was breached.