Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Telstra provider hacked, business SIM data stolen

Telstra provider Schepisi Communications was allegedly hacked this week, leaking the SIM data of tens of thousands of Telstra users to a hacking group.

user icon Liam Garman
Wed, 05 May 2021
Telstra provider hacked, business SIM data stolen
expand image

Cyber criminals have reportedly accessed large numbers of SIM cards on the Telstra network after an apparent cyber breach this week against Telstra partner Schepisi Communications.

Schepisi Communications provides support to Telstra’s business customers, with Nestle as well as a financial services firm among those allegedly impacted.

According to The Australian, the alleged hackers posted a note confirming their cyber breach on the darkweb.

============
============

“We have a large amount of data on mobile devices, tens of thousands of SIM cards and a lot of information for them, financial information, contracts, banking information,” the hackers wrote as reported in The Australian.

The hackers have given Schepisi Communications 240 hours to respond to their demands.

Ajay Unni, founder of StickmanCyber and member of the NSW government’s 2020 Cyber Security Task Force, commented that businesses must ensure that third-party providers match their expected level of cyber security.

“When businesses engage a third party, either to provide them with a service or service the end customer steps need to be taken by the principal (in this case Telstra) to ensure the risk is managed properly,” Unni said.

“Third party risks have been misunderstood and even ignored in the past with the expectation being that outsourcing a particular aspect of the business means any breaches that occur are the problem of the third party. In reality, outside contractors can often access the principals’ systems, applications and databases which essentially opens them up to new threat vectors that can use vulnerabilities found in the third party to access and attack the principals’ systems.

“Back in 2013 Target fell victim to the biggest data breach in history as a result of their systems being hacked through an outsider contractor. Target lost millions of customers credit card information due to a vulnerability from one of their third parties. The incident highlighted the gaping vulnerabilities casual employees and contractors could potentially have on an organisation which is especially prevalent in today’s gig-economy model.”

According to IT Wire, the hackers allegedly used the Avaddon ransomware to execute the attack.

More to follow.

Liam Garman

Liam Garman

Liam Garman is the managing editor of professional services, real estate and security at Momentum Media. He began his career as a speech writer at New South Wales Parliament before working for world leading campaigns and research agencies in Sydney and Auckland. Throughout his career, Liam has managed and executed international media campaigns spanning politics, business, industrial relations and infrastructure. He’s since shifted his attention to writing on politics and business, and holds a Bachelor of Commerce from the University of Sydney and a Masters from UNSW Canberra with a thesis on postmodernism and media ecology. 

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.