David Fisher reports:
A major security breach has revealed personal details of every Telecom customer – and a commercial rival is implicated.
The Herald on Sunday accessed the Telecom database using login details supplied by sales staff working for rival telco Slingshot. It gave us names, addresses and billing details for every Telecom customer.
The discovery has dismayed the Privacy Commissioner Marie Shroff, who yesterday announced she would investigate.
The Herald on Sunday has spoken to five former staff of Slingshot’s sales contractor, Power Marketing Limited, who say staff accessed Telecom customer details as part of their sales business. All five said they knew they were not allowed to, but it was common practice. They accessed the Telecom database, known as Wireline, from a computer in the Power Marketing offices in Newmarket, Auckland.
One former staff member said that the database, which contains an estimated 2.15 million names, gave sales staff the ability to know exactly what Telecom plans the customer was signed up to, how much was paid for the plan and whether they were tied to a contract.
It did not allow them to see customer credit card details or what numbers anyone had called.
So how did the employees of the marketing firm get the login credentials to the database? That’s part of what has yet to be determined but Telecom retail chief executive Alan Gourdie said that the account details
had been traced to a legitimate account used by a Telecom dealer to carry out its business. He said the inquiry had yet to discover how the account – now closed – had wound up with Power Marketing Limited.
Read more on NZHerald.co.nz