Australian Telcom Giant, Telstra investigated over data breach

TELSTRA faces the wrath of the Federal Privacy Commissioner after leaving customer details of potentially millions of customers exposed on the web including, reportedly, usernames and passwords. The details were exposed in a search page used by Telstra customer service agents that was left unprotected and openly accessible on the web. The page entitled "Telstra Bundles request search" was reportedly discovered by a user of the community broadband forum Whirlpool. Telstra hastily tore down the site after it became aware of the breach late this afternoon but not before computer security experts showed that it could be used to access customer details including their account numbers, broadband packages, technician visits and, in some cases, their email’s usernames and passwords. Media reports suggested credit check details were also accessible but that was not confirmed by Telstra. Alarmingly, Telstra said it was unsure how many customers’ details were potentially breached. "(It’s) unsure at this stage, it appears to be limited to bundled customers but we don’t know how many," a Telstra spokeswoman said. In its 2011 annual report Telstra reported that it sold 659,000 new product bundles in the year to June 30, 2011. The privacy commissioner had been made aware of the breach and a full investigation and report into the lapse would be prepared as soon as possible. The spokeswoman said the carrier’s priority was to close the security hole. The company would also move as quickly as possible to notify customers of the breach and maintain transparency around reporting details of the incident. source