3rd Party Risk Management
Governance & Risk Management
Telecommunication Giant Telstra Says It Was a Small Data Breach
Australian telecommunications provider Telstra said Tuesday it suffered a “minimal risk” data breach just weeks after rival Optus underwent a major cybersecurity incident.
See Also: Now OnDemand | C-Suite Round-up: Connecting the Dots Between OT and Identity
Telstra, Australia’s largest network provider, attributed the breach to the provider of a now-obsolete employee rewards program.
“There has been no breach of Telstra’s systems. And no customer account data was involved,” the company says. A hacker going by the handle of PwnSec posted Telstra information to the same online forum where someone last week published two samples of data taken from Optus (see: Optus Under $1 Million Extortion Threat in Data Breach).
PwnSec attributes the stolen data to myrewards, a website that connects brands with shoppers. Appearing in the publicly-viewable portions of the dataset are emails that correspond to the web domain of National Australia Bank, one of that country’s “Big Four” lenders. The bank did not respond to an inquiry from Information Security Media Group.
Reinforcing its message of minimal risk to the public, Telstra sent a series of tweets emphasizing that none of its systems or networks were breached and stating that the affected data is limited to the first and last names and email addresses of employees from 2017.
news.com.au says up to 30,000 past and present Telstra employees appear to be in the leaked data set. Of these, nearly 12,800 are still employed with Telstra, the online news site reports.
Telstra says it has already informed the authorities and its current employees about the breach.
In an email sent to Telstra employees reported by news.com.au, group executive for transformation, communications and people Alex Badenoch characterized the leak as an opportunistic to profit from the tense climate created by the Optus breach.
Optus, in a Monday update, downgraded the number of affected users from 9.8 million to 2.1 million. “7.7 million customers do not have to take any further action [while] 2.1 million customers have had an identity document number exposed where they may need to take an action,” said Optus CEO Kelly Bayer Rosmarin.