Watchdog Barks At Telstra Privacy “Breach”

X

Watchdogs make a damming assessment of data leak of 734,000 Telstra customers.

20120628083714ccab6 300x300 Watchdog Barks At Telstra Privacy Breach
Click to enlarge

Telstra breached its customer privacy obligations when personal information about 734,000 of its customers leaked online 2011, the Australia Media and Communications Authority (ACMA) said today.

The Australian Privacy Commissioner, Timothy Pilgrim, also found that Telstra failed to protect the personal information of users and breached the Privacy Act 1988, in his report, just published

The Privacy Commissioner also found “Telstra did not take reasonable steps to protect customers’ personal information from unauthorised access and disclosure.”

 Read: Telstra User Database Leaked To Web

Systems failure and an ‘incorrectly completed compliance questionnaire’ by a project manager was blamed for the leak.

 A Telstra databank with customer bill account details including names, and (in some cases) addresses, user history including bundle packages subscriptions, drivers licence numbers and dates of birth, were publicly accessible for a nine months from from 29 March to 9 December 2011, the Privacy Commissioner report found.

Account usernames and passwords of up to 41,000 Telstra customers were also accessible, the ACMA noted. 

The link to the database was publicly accessible by typing in a search request for ‘Telstra Bundles request search’ into Google by a Whirlpool forum user in December last.

Under Telecommunications Consumer Protections Code, a service provider must protect the privacy of each customer’s billing and personal information, said Acting ACMA Chairman, Richard Bean.

“We are most concerned about the length of time-more than eight months-during which a significant number of Telstra customers’ personal information was publicly available and accessible.”

There were also clear “gaps” in Telstra’s processes to identify and act on the matter prior to media reports of the leak, he added.

Telstra has taken steps to remedy its processes and was “implementing a comprehensive review of its security systems”, which ACMA said it is currently considering.

 

However, the Media Authority does not have the power to fine Telstra but can issue a direction to comply with the telco code or serve a formal warning.

The Privacy Commissioner took several months to complete its report, which had been due for completion earlier this year.

In his report, however, the Commissioner did acknowledge that on becoming aware of this incident Telstra acted immediately to restrict access to personal information, commenced an investigation and implemented a number of security  measures.

CUST Retention FY22 Sport WinterCodes Q3 NRL 728x90 Watchdog Barks At Telstra Privacy Breach
thumbnail G415 SmartHouse 728x60 Watchdog Barks At Telstra Privacy Breach
728x90 Tour Watchdog Barks At Telstra Privacy Breach
braun audio 728x90 Watchdog Barks At Telstra Privacy Breach
Mode II 728x90px product Watchdog Barks At Telstra Privacy Breach
728x90 2 Watchdog Barks At Telstra Privacy Breach
Uniden PRO 728 x 90 Watchdog Barks At Telstra Privacy Breach
LB 728x90px Watchdog Barks At Telstra Privacy Breach
728x90 Watchdog Barks At Telstra Privacy Breach
1 Watchdog Barks At Telstra Privacy Breach


YOU MAY ALSO LIKE