Telstra has confirmed that threat actors breached one of its internal systems and stole data belonging to employees and partners.
Yesterday (25 November), threat actor “UnicornLover67” listed the Aussie telco online, claiming to have the data of 47,300 employees for sale.
While the specifics of the stolen data were not listed, the threat actor posted a sample that seems to include names, email addresses, physical addresses and more. Some of the other unspecified data includes company names and US addresses, as well as names of mobile phone stores.
Now, Telstra has confirmed that the threat actors used stolen credentials to access a pre-production test environment.
“We’re aware that a file including Telstra data has been listed for sale online by a malicious actor,” a Telstra spokesperson told Cyber Daily.
“Using the sample data, we have identified the relevant data set and that it comes from a pre-production test environment for an internal system used to log faults.”
Telstra confirmed that the data belonged to employees and partners but reiterated that no customer data was accessed.
“It is not a customer database, and therefore, no passwords, banking details or personal identification data such as driver’s licence or Medicare numbers are included or used on the platform.
“We are still analysing the data, but our initial review shows it includes basic information and is mainly internal in nature, including employee and partner names, and work email addresses. Some external work email addresses and mobile phone numbers are included,” it said.
Telstra said it has now restricted the access the threat actors used, and it has notified authorities. It has also begun informing those affected.
“We investigated urgently to determine how and when the data was taken and have referred it to the relevant authorities. The actor used stolen login credentials to access the system, and we have closed that access,” it said.
“We have started communicating to the people and organisations with information included in the sample data.
“We will start contacting anyone who has data included in that data set to make them aware of what has occurred, and to be extra alert to phishing and other suspicious activity.”
UnicornLover67 has provided no update as of yet.