Telstra staff info stolen in data breach

Telstra has become the latest telecommunications operator to get stung by a data breach, with names and email addresses of 30,000 current and former staff posted on the Dark Web.

The telco said on Tuesday that its internal systems had not been hacked. Instead, hackers stole the information from workforce management software company, Pegasus, which was involved in providing a rewards program for Telstra’s staff.

The Telstra staff data from 2017 was published on the same forum that published the Optus customer data last week.

The names and email addresses of about 30,000 current and former employees were published on the Dark Web.Credit:Craig Sillitoe

“We’ve been made aware of a data breach affecting a third party that included limited Telstra employee information from 2017,” a Telstra spokesman said. “To be clear, it was not a breach of any Telstra systems.”

The breach of employee data was not from Telstra’s systems and is limited to names and email addresses. Sources familiar with the breach, who requested anonymity, said Pegasus was the company that had been hacked. Pegasus was approached for comment.

“No customer account information was included. We believe it’s been made available now in an attempt to profit from the Optus breach. The relevant authorities have been notified, we’ve let current employees know, and while the data is of minimal risk to former employees, we will attempt to notify them too.”

But the release of personal information comes two weeks after about 10 million Optus customers had their personal information including Medicare, passport and driver’s licence numbers accessed by a hacker.

Optus has claimed 7.7 million of the 9.8 million people whose data was accessed do not need to replace documents. That could be because their identity document data was not collected, was not recorded properly, or is out of date and cannot be used to verify their identity.

There are another 2.1 million customers with identification numbers that potentially require replacement. Some 900,000 of those are expired, Optus believes, but may need replacement because of the practices in some states. Optus has confirmed about 150,000 passport numbers were affected along and 50,000 Medicare numbers, but a major portion have expired.

Optus has employed Deloitte to conduct a review of the cyberattack, which is the largest in Australian corporate history. It has come under sustained criticism from the federal government for having insufficient safeguards to protect consumers’ information and taking too long to inform customers about whether they had been caught up in the breach.

The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.

Most Viewed in Technology

From our partners

Source: Read Full Article