Telstra apologises after customer records appear online

Spreadsheets containing phone numbers, names and home addresses were able to be accessed using Google search
Telstra apologises after customer records appear online

Telstra has issued a formal apology to affected customers after phone numbers, names and home addresses contained in spreadsheets were found online during a Google search.

SMS Broadcast owner, Lee Gaywood, contacted the Sydney Morning Herald and said that he found the data when searching on Google for telco carrier access codes. According to Gaywood, he needs to know the codes for his SMS service to work.

Telstra took the files offline on 15 May after being notified of the breach by Fairfax, according to the SMH report.

A Telstra spokesman told Computerworld Australia that the company takes customers’ privacy “very seriously” and it was investigating the issue.

“We have since removed access to the data and early indications show is it is generally the same type of information you can find publically in the white pages, and we believe at this point it's more than six plus years old,” he said.

The spokesman added that that the Privacy Commissioner, Timothy Pilgrim, had been fully informed.

Telstra customer service executive director Peter Jamieson said in a blog posting that it was “not acceptable” for the incident to have occurred.

“I apologise and assure everybody that we’ll find out exactly what has happened here and do everything we can to make sure this does not happen again,” he said.

According to Jamieson, the telco was taking steps to identify affected customers and work with them on an individual basis.

“Additionally, we will be contacting all customers whose information was inadvertently made available.”

Telstra has been investigated by the Privacy Commissioner twice for data breaches in the past three years.

The first investigation took place on 28 October 2010 when Telstra told the Office of the Australian Information Commission (OAIC) that a mailing list error had resulted in approximately 220,000 letters with incorrect addresses being mailed out.

Telstra disclosed that this error may have caused the personal information including names and telephone details of some of its customers to be improperly disclosed.

Following his investigation into the matter, the Privacy Commissioner concluded that Telstra had breached National Privacy Principle (NPP) 2 by disclosing the personal information of some of its customers to unauthorised third parties.

On 12 December 2011, Pilgrim was on the case again after Telstra’s customer service website was openly accessible on the Internet.

The telecommunications company said it was made aware of the privacy breach and disabled its online billing, BigPond self-care and My Account functions on its website.

Account details including account numbers, phone numbers and credit card details of just fewer than one million Telstra customers were potentially compromised by the breach.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia

Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.

More about: Google, Telstra
References show all
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Timothy Pilgrim, privacy commissioner, privacy breaches, Telstra
Whitepapers
All whitepapers

Mac Pro shortage sets record as worst Mac production boondoggle

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Sign up now to get free exclusive access to reports, research and invitation only events.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia