Telstra confirms customer data breach

Ben Grubb reports:

Telstra has patched a data breach on its business website that had the potential to reveal personal information, such as date of birth, of 700 customers.

Telstra confirmed to ZDNet Australia yesterday afternoon that the only details that could be sighted without the need to log-in were the name, address and account number of a customer. But afterwards, it was confirmed that a customer account holder’s date of birth (DOB) could also be seen.

“In light of what’s been found out, it wasn’t until ZDNet came to us that further checks revealed that it could be possible [to see a customer’s DOB],” Telstra spokesperson Rod Bruem said.

[…]

The Telstra business customer said that it was only after he made his complaint public that it was addressed by Telstra. It was made public on broadband forum Whirlpool, where he eventually disclosed the URL (now removed) that could be changed to reveal customer’s data.

At first the Telstra business customer was reluctant to reveal the URL on the forum, but after waiting a few days after contacting Telstra he decided to make it public. It took five days for the site to get taken down. Bruem was unable to say why it took that long to get fixed.

Read more on ZDnet (AU)

About the author: Dissent