By Staff Writer.
Telstra is playing down a data breach that has seen the names and email addresses of 30,000 current and former employees posted on the dark web. Telstra says the information posted contained no personal identification details and was obtained from a third party rather than the telco itself. It is the second trove of Australian telco data posted online in as many weeks.
“No customer account information was included, we believe it’s been made available now in an attempt to profit from the Optus breach,” said a Telstra spokesperson. The Telstra data was posted on Breach Forum, the same site the Optus data was posted on.
The stolen Telstra data dates back to 2017 and was held by an external company involved with Telstra’s now-defunct WorkLife NAB program. The Telstra spokesperson said the data wasn’t sensitive and was no different to what could be obtained via LinkedIn or Google. According to Telstra, the WorkLife NAB program was run by Pegasus Group Australia, which is a subsidiary of MyRewards International Ltd.
“It’s not a breach of an internal system. It’s a platform we no longer use and haven’t used for a number of years. It’s old information from 2017, a lot of it wouldn’t be relevant.”
Of the 30,000 records leaked, around 12,800 are believed to relate to workers still employed at Telstra.
“The relevant authorities have been notified, we’ve let current employees know, and while the data is of minimal risk to former employees, we will attempt to notify them too,” said the spokesperson.
The NAB denies its systems were breached, saying they haven’t had a “relationship” with Pegasus Group Australia for several years. Media reports say that the hackers used data scraping, collecting old data with the aim of presenting it as current data.
“We understand this may cause some anxiety to our people, particularly in the current climate of heightened awareness around cyber security,” Telstra executive Alex Badenoch told staff. Telstra says it became aware of the data breach last week and moved swiftly to notify employees.
The Telstra breach follows the massive Optus data breach last month involving nearly ten million customers. This week, Optus confirmed that 2.1 million customers had one or more forms of identification stolen in the attack. While almost one million of those documents are believed to be past their expiry date, the telco did say that the hacker had obtained around 50,000 current Medicare card records and 150,000 current passport records.