It hasn’t been a good few years for the nation’s biggest telco Telstra when it comes to data breaches. It almost seems like every three to four months, there’s a new chunk of Telstra’s customer data leaked onto the public Internet, and the company has to make yet another apology to those affected, as well as kicking off another ‘review’ of its systems. News of the latest blunder comes from the Sydney Morning Herald, which writes (we recommend you click here for the full article):
“Fairfax found approximately 1677 customer records in one of the spreadsheets, which contained Telstra customers’ names, phone numbers, plan names and home addresses. A further three spreadsheets contained 8201 customer records that contained only names and telephone numbers, but not home addresses.”
Telstra has already attempted to apologise and clean up its mess. The company’s executive director of customer service for its consumer division, Peter Jamieson, writes on Telstra’s Exchange blog today:
“When we learnt some of our customers’ details were publicly available we immediately convened a team to have access to the data removed and commence an investigation. It is not acceptable, under any circumstances, for this to happen. Telstra takes seriously the confidentiality of all its customers’ data – our customers trust us and we recognise the responsibility this trust means to get this right. We have to do everything possible not to breach that trust.
We are still investigating what happened and the team worked round the clock last night looking through the data and trying to pinpoint how this actually happened. While some of the information is generally available, such as names, addresses and telephone numbers and up to six years old, we are acutely aware of the possibility that some of the information may be sensitive to some. We will take all steps to identify these customers and work with them on an individual basis. Additionally we will be contacting all customers whose information was inadvertently made available.
We take our customers’ privacy seriously; we have sophisticated tools and techniques and skilled people working on risks and privacy-related projects protecting the security of our customers’ information. What has happened is unacceptable, I apologise and assure everybody that we’ll find out exactly what has happened here and do everything we can to make sure this does not happen again.”
Of course, not everyone believes that Telstra will be able to stop this kind of thing happening in future. Networking engineer and outspoken industry commentator Mark Newton wrote in response to Jamieson’s apology that he didn’t quite believe it:
“Telstra shows a pattern of behaviour around lack of respect for customer privacy, which includes this latest episode, prior examples of confidential information showing up on public websites, shipping customer clickstreams offshore without telling them during product trials, inspecting their communications content with Deep Packet Inspection equipment. We all know that despite fulminations about how this kind of thing mustn’t happen again, it actually will. It’ll keep happening until Telstra implements cultural change to prevent it.”
Personally, I’m willing to cut Telstra a little break when it comes to this kind of thing. After all, when you consider the amount of data that an organisation the size of Telstra actually stores, and how many employees it has, it’s probably surprising that it doesn’t leak bits and pieces more. This doesn’t excuse the practice — the best companies are good at guarding against this kind of thing — but it is useful context.