Australia’s Telstra suffers privacy breach, 132,000 customers impacted


SYDNEY, (Reuters) – Australia’s largest telecoms firm Telstra Corp Ltd (TLS.AX) said on Sunday that 132,000 customers were impacted by an internal error that led to disclosure of customer details.

Telstra, which has 18.8 million customer accounts equivalent to three-quarters of Australia’s population, said an internal review found the details were made publicly available due to “a misalignment of databases”.

Telstra referred Reuters to a company blog post, issued on Friday, that said “some customers’ names, numbers and addresses” were listed when they should not have been. “We are removing the identified impacted customer details from the Directory Assistance service and the online version of the White Pages,” Telstra chief financial officer Michael Ackland said in a statement.

The errant disclosure comes after the company in October suffered what it called a small data breach, attributing it to third-party intrusion that exposed some employee data back to 2017.

A Telstra internal staff email put the number of affected current and former employees of that breach at 30,000, according to local media. Regarding the current issue, Ackland said “no cyber activity was involved”.

“Protecting our customers’ privacy is absolutely paramount and this is an unacceptable breach of their trust,” he added.

“We are in the process of contacting every impacted customer to let them know what has occurred.”

Australia’s telco, financial and government sectors have been on high alert since Optus, owned by Singapore Telecommunications Ltd (STEL.SI), revealed on Sept. 22 that a system breach may have compromised up to 10 million accounts. The data exposed in that breach, taken as part of a sophisticated hack, included home addresses, drivers’ licenses and passport numbers in what was one of Australia’s biggest cybersecurity breaches.