Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Exclusive: Telstra confirms data incident, customer data unaffected

Telstra has confirmed that threat actors breached one of its internal systems and stole data belonging to employees and partners.

user icon Daniel Croft
Tue, 26 Nov 2024
Exclusive: Telstra confirms data incident, customer data unaffected
expand image

Yesterday (25 November), threat actor “UnicornLover67” listed the Aussie telco online, claiming to have the data of 47,300 employees for sale.

While the specifics of the stolen data were not listed, the threat actor posted a sample that seems to include names, email addresses, physical addresses and more. Some of the other unspecified data includes company names and US addresses, as well as names of mobile phone stores.

Now, Telstra has confirmed that the threat actors used stolen credentials to access a pre-production test environment.

============
============

“We’re aware that a file including Telstra data has been listed for sale online by a malicious actor,” a Telstra spokesperson told Cyber Daily.

“Using the sample data, we have identified the relevant data set and that it comes from a pre-production test environment for an internal system used to log faults.”

Telstra confirmed that the data belonged to employees and partners but reiterated that no customer data was accessed.

“It is not a customer database, and therefore, no passwords, banking details or personal identification data such as driver’s licence or Medicare numbers are included or used on the platform.

“We are still analysing the data, but our initial review shows it includes basic information and is mainly internal in nature, including employee and partner names, and work email addresses. Some external work email addresses and mobile phone numbers are included,” it said.

Telstra said it has now restricted the access the threat actors used, and it has notified authorities. It has also begun informing those affected.

“We investigated urgently to determine how and when the data was taken and have referred it to the relevant authorities. The actor used stolen login credentials to access the system, and we have closed that access,” it said.

“We have started communicating to the people and organisations with information included in the sample data.

“We will start contacting anyone who has data included in that data set to make them aware of what has occurred, and to be extra alert to phishing and other suspicious activity.”

UnicornLover67 has provided no update as of yet.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.