The Office of the Australian Information Commissioner has finalised its investigation into an allegations of a data breach in 2015 that involved iiNet subsidiary Westnet.
(iiNet and Westnet are now both owned by TPG.)
A hacker claimed in June 2015 that they had obtained a Westnet customer database that included personal details of the ISP’s customers, including usernames, addresses, phone numbers and, in some cases, password data.
Privacy Commissioner Timothy Pilgrim launched an investigation of the breach.
“The data breach had initially appeared to have occurred after a hacker compromised a Westnet legacy database containing the personal information of some Westnet customers, and offered the information for sale online,” a statement issued by the OAIC yesterday said.
“The Commissioner was concerned that this incident had revealed that some Westnet user passwords were stored in plain text.”
“In response to the investigation, iiNet confirmed that its own and WA police investigations had found no evidence of an unauthorised intrusion into the Westnet database,” the statement on behalf of the commissioner said.
In the wake of the hacker’s claims iiNet shut down the legacy database and moved customer details to a system that employed encryption to protect data, and also reviewed all of its databases to make sure that passwords were not stored in cleartext.
“The Commissioner is satisfied that the matter has been adequately dealt with by iiNet,” the OAIC statement said.