Telstra is facing an investigation by the Australian Information Commissioner after the carrier was forced to suspend services to hundreds of thousands of their BgPond broadband customers following a major security breach late last week.Customers are being told to reset passwords after the BipPond service was taken down following the discovery on Friday of over one million records.
Telstra communication executives said that they had no knowledge of whether any other Telstra databases had been compromised or whether the persons who broke into the BigPond database were able to access other Telstra enterprise or government databases.
A security expert said that the BigPond database leak could be a smoke screen and that other databases within Telstra could have been accessed.
Earlier today up to 1 million BigPond users could not use email and other online services while the problem was being fixed.
A message late on Sunday afternoon appeared on the the BigPond web site that said that “online services are now available for the majority of our customers. If you cannot log in to your BigPond account or need to have your password re-set, please call 133 933. We appreciate your patience as we work through this issue”
What SmartHouse wants to know is whether Telstra IT engineers have been able to ascertain how private and confidential information came to end up on a public web site.
We also want to know whether other Telstra databases were compromised.
A Whirlpool forum user discovered the ”Telstra Bundles request search” page after doing a web search for a Telstra customer support phone number.
Anyone who visited the page could search Telstra’s customer database based on the customer’s last name, account number, sales force ID or reference number.
A Telstra spoksperson said that the company will brief the Privacy Commissioner on the incident on Monday.