Telstra reported that there was a data breach that involved thousands of its employees’ names and email addresses which was posted on a dark web forum. This Telstra hack came a few weeks after its chief competitor Optus suffered a similar data breach that the hackers demanded AUD$1.5 million in Monero, a crypto token.
This article presents essential information regarding the Telstra hack.
Overview of Telstra breach
Telstra is an Australian telecom giant which provides retail mobile services to over 18 million active subscribers in the country. Hackers reportedly tried leaking sensitive information from Telstra company and holding them to ransom.
The data breach involved the information of about 30,000 Telstra staff, including their first names, last names, and work email addresses which was subsequently leaked on the dark web. However, no record of sensitive information such as customer details, credit cards, and internal systems was leaked during the data breach.
Out of the names leaked, about 13,000 staff still work at the company. Telstra has taken the initiative to inform its current employees regarding the hack and plans to reach out to past employees regarding this breach despite being low risk for them.
Speaking on this Breach, Alex Badenoch, Telstra’s group executive for transformation, communications, and people, made a staff note to the entire company staff about this leak over the past weekend. She reassured the staff that the telecom giant was working with a third-party company to investigate the data breach.
In her staff note, she explained:
“We understand this may cause some anxiety to our people, particularly in the current climate of heightened awareness around cyber security… Don’t hesitate to contact our cyber team if you wish to find out more about the breach or if your email address was exposed.”
Badenoch said the company had reset all user passwords to renew security measures. She also stressed that this incident did not compromise other information, including the current rewards program and customer data. Further, Badenoch cautioned the staff to remain alert and be wary regarding communications.
A successful data breach?
The significance of these leaked data has been downplayed by a Telstra spokesperson who believes the leaked data is “very basic in nature.” He reasoned that the hacker’s idea was to breach the Telstra system and release the stolen information to profit from the Optus Breach.
Findings regarding the data breach revealed that it was not an internal system breach. Instead, the data was obtained from a platform the company has not accessed since 2017. Also, the hacker posted it on the dark web and tried to sell it off as new information.
This unsuccessful data breach regarding Telstra is not the case with the company’s main competitor, Optus. Optus reported that the recent hack exposed nearly 2.1 million Australian Telecom customers.
After the Optus breach, the assailant, invoking the alias “optusdata,” subsequently published a sample of stolen data that belonged to about 10,200 users and demanded that Optus pay a US$1 million ransom to avoid more leaks.
However, the extortion demand has been withdrawn, as the attacker claimed that the stolen data only copy had been destroyed. There are twin operations launched by the Australian Federal Police (AFP) to bring these perpetrators to justice and protect the 10,200 customers whose information has been leaked in the Optus hack.
In light of the Optus data breach, the government is critical of how the company handled the breach and how Optus delayed communication with customers. As such, the Australian government and policymakers under Prime Minister, Anthony Albanese, have revealed plans to make swift changes to Australia’s privacy laws.
