Now it’s Telstra in data breach as details of 30,000 staff uploaded to dark web
Telstra has become the latest telco to be managing a smaller breach of its staff data, as millions of Australians rush to protect sensitive details stolen in the Optus cyber attack.
A Telstra spokesman confirmed up to 30,000 former and current workers have had their names and email addresses uploaded to a forum on the dark web.
He said Telstra itself was not hacked, but a third party which was offering a rewards program for staff had the data breach in 2017.
“No customer account information was included, we believe it’s been made available now in an attempt to profit from the Optus breach,” the spokesman said on Tuesday.
“The relevant authorities have been notified, we’ve let current employees know, and while the data is of minimal risk to former employees, we will attempt to notify them too.”
Meanwhile, Optus has finally handed over data to Services Australia almost a fortnight after a massive data breach was revealed.
Labor frontbencher Bill Shorten confirmed the government agency had received the data on Tuesday and was assessing it to see what could be drawn from it.
“We shouldn’t have to play hide and seek and wait to day 13 to get material,” he told reporters in Canberra.
“What it’s about is the horse’s bolted. We’re trying to close the gate.
“All I’m motivated by is … to get the information so I can stop hackers from hacking into government data and further compromising people’s privacy.”
Shorten said Optus had revised its estimates to 50,000 compromised Medicare records and 150,000 passports.
He called for the telco to be more forthcoming with information.
It comes as a majority of Australians would back a move to strengthen privacy protections in the wake of the massive data breach.
Guardian Essential poll results published on Tuesday found just over half of respondents supported tighter restrictions on the amount of information companies could collect on consumers.
An overwhelming majority of the 1050 respondents also said they were worried about scammers stealing their identity to set up bank accounts, despite only 21 per cent saying they were directly affected by the Optus breach.
The survey comes after Optus’s parent company advised it had engaged lawyers in case it was subject to any class action over the hack, which involved the personal details of more than 10 million customers being compromised.
In a statement to the Singapore stock exchange on Monday, Optus owner Singtel said it had not received any legal notice of a class action but any such move would be “vigorously defended”.
The company also said it wanted to clarify media reports about potential fines or other costs relating to the incident.
“Singtel considers these reports speculative at this juncture and advises that they should not be relied upon,” it said.
Optus on Monday said more than two million customers had their identification documents exposed in the data breach.
The telecommunications giant has launched an independent review conducted by consultancy firm Deloitte of the circumstances surrounding the data hack.
Embattled Optus chief executive Kelly Bayer Rosmarin recommended the review, saying the company was committed to rebuilding trust with customers.
Several government ministers have criticised the company’s response to the incident and its failure to promptly advise customers or the government what personal details had been compromised.
Attorney-General Mark Dreyfus has said he will review Australia’s privacy laws and tighter protections could be brought in by the end of the year.