Following Optus Hack, Another Data Breach for Australia’s Biggest Telcos as Telstra Exposes Employee Data
Just two weeks after Australia’s second-largest telecoms company was hacked, the largest in the market has suffered a data breach. The Telstra breach appears to be relatively minor compared to the Optus hack, however, as the company reports that only a “small amount” of employee data was exposed.
Source of Telstra data breach still unknown, 30K employee files impacted
While the Telstra data breach is considered “relatively” minor given the size of the company, it nevertheless included a substantial number of records; the company says that some 30,000 employee files dating back to 2017 were exposed. However, the information in each was apparently extremely basic, with just names and email addresses contained in most of the breached files.
If that assessment holds up, it compares quite favorably to the Optus hack, which exposed the customer records of millions of Australians, including driver’s license and passport numbers. The hacker sought profit from the attack, pledging to publicly release the customer records of 10,000 people per day until they received $1 million in ransom. A 19-year-old Sydney man was arrested on October 5 after texting 93 of the victims demanding an individual $2,000 ransom from each, but police say that the man is likely not the breach perpetrator and simply made use of data that the attacker had already made public.
Telstra says that no customers were impacted by the more recent data breach, only current and former employees who were with the company over roughly the past five years. There is also not much detail as of yet about how the data breach happened, in contrast to the quick assignment of blame by the Australian government in the case of the Optus hack. That breach is suspected to have originated from an unprotected API that was mistakenly exposed to the internet. Telstra only said that the data breach was at a “third party provider” and did not involve its internal systems, and that a little under half of the exposed records belonged to current employees.
There is no concrete connection between the two data breaches as of yet, but the Telstra attacker took to the same underground forum that the Optus hacker used to attempt to peddle their…