Share

Related Stories

Top 5 Stories

News

Trouble Down Under: Telstra reports another major data breach

25 May 2012

For the third time in six months, the Australian telecom giant Telstra has admitted to a significant data breach, this one affecting 230,000 online gaming customers.

Telstra said it reset the passwords of up to 230,000 customers of its GameArena and Games Shop services after the sites, which are operated by a third party, were hacked.

The company said that it believes only 35,000 members were directly affected by the breach, which resulted in the compromise of user names, email addresses, and encrypted passwords. But as a “precaution”, Telstra reset the passwords for 230,000 customers who access the sites using a non-BigPond (Telstra’s broadband service) email address. Telstra stressed that no financial or credit card information was stored on the sites.

The Office of the Australian Privacy Commissioner (OAIC) said it was opening an investigation into the Telstra breach given the substantial number of customers affected.

This is the third data breach for Telstra in the last six months. In December, Telstra admitted that account details, passwords, user names, and email addresses of 800,000 customers were exposed on the internet. This was followed by an admission that 1,500 BigPond ISP customers had their names and emails posted online.

In a separate breach incident reported to the OAIC this week, LEGO Australia, the Australian subsidiary of the Danish toy building blocks maker, said that credit card information from close to 1,600 parents was collected by an insecure website in Australia and New Zealand.

In a letter to affected customers, LEGO Australia said that it became aware that an area of its LEGO Club website was not secure when it accepted applications for membership between March 27 and May 5 of this year.

The information that was collected included names, addresses, dates of birth, and phone numbers of parents and children, according to the letter. LEGO Australia said it notified the OAIC of the breach.

While not indicated in the letter, the insecure website also took credit card information from 1,182 parents who signed their children up for club membership, Caroline Squire, LEGO’s Australia and New Zealand director of marketing, told the Sydney Morning Herald.

An update to the website in March caused the SSL certificate to be incorrectly configured, which resulted in the transactions not being encrypted, Squire explained.

This article is featured in:
Application Security  •  Data Loss  •  Encryption  •  Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×