Australia's Data Breaches Continue With Telstra's Third-Party Supplier Hacked

Written by

Australia's largest telecoms firm Telstra revealed on Tuesday it was hit by a "small data breach" caused by one of its third–party suppliers being hacked.

Writing in a blog post (and on social media), Narelle Devine, chief information security officer for Asia Pacific at Telstra, stated that there was no direct breach of the company's systems, and no customer account data was involved.

"Critically, there was no breach of any Telstra systems, and no customer account information was stored on the third–party platform," the executive wrote.

According to the blog post, the data posted on the internet by the hackers who stole it was from 2017 and was "basic in nature." Telstra said only names (first and last) and email addresses used to sign up to the employee rewards program were impacted.

"We became aware of this event last week and notified our team soon after," Devine said. "We've already let our current team members know, and while the risk is low for former employees, we will try to contact them."

Further, the security experts said the team has learned the breach was not specific to Telstra and that several other companies relying on the third–party provider have also been affected.

The platform reportedly responsible for the break was Work Life NAB. Used by several organizations and run by Pegasus Australia (a subsidiary of MyRewards International), the company is no longer live.

"Unfortunately, these types of events are not uncommon and, given the interconnected world that we live in, one event can impact many organizations," Devine admitted.

Still, the Telstra executive said the firm is currently investigating the breach and will provide additional information about it on its website and social media channels.

"Cybersecurity is a team sport, and we will continue working with the third party to determine how this happened and understand any additional impacts that may arise," Devine concluded.

The Telstra data breach comes two weeks after Optus, its main competitor in Australia, suffered a hack that exposed the data of nearly 2.1 million people in the country.

What’s hot on Infosecurity Magazine?