Dialog, IT provider owned by Optus’ parent company Singtel, breached

Threat actors breached IT provider Dialog and posted the company’s data on the dark web. Meanwhile, Dialog’s owner Singtel had the company’s data posted on a hacker forum.

Threat actors stolen and leaked data from an Australian IT service provider, Dialog. Hackers leaked what appears to be Dialog’s employee data on the dark web. The company claims that employee and client data was affected in the breach.

“[…] the company has experienced a cyber security incident in which an unauthorized third party may have accessed company data, potentially affecting fewer than 20 clients and 1,000 current Dialog employees as well as former employees,” Dialog said in a statement.

The company boasts a staff of over 1,200 employees and clients in various sectors of Australia’s government, including defense, treasury, and healthcare. The company also has a significant presence in the country’s private sector.

Dialog is also a subsidiary of Singapore Telecommunications (Singtel). Another Singtel-owned company, Optus, suffered a major breach last month when threat actors stole the details of nine million Optus users.

Dialog said the company detected the unauthorized access to the company’s servers on September 10 and shut them down as a result.

“On Friday, October 7, 2022, we became aware that a very small sample of Dialog’s data, including some employee personal information, was published on the Dark Web. We are doing our utmost to address the situation and, as a precaution, we are actively engaging with potentially impacted stakeholders to share information, support, and advice,” the company said.

Singtel Dialog breach
Post announcing Singtel leak on a hacker forum. Image by Cybernews.

Interestingly, the same day a sample of Dialog’s data was posted on the dark web, threat actors posted over 130GB of Singtel’s data on the same hacker forum where Optus’ data was first leaked.

However, Singtel representatives told Cybernews that the claims about the company’s breach are untrue. According to a statement by Singtel, the post on a hacker forum refers to data stolen in an earlier breach.

“The post refers to data stolen during the 2020 zero-day attack on Accellion’s (now known as Kiteworks) file sharing application, which affected many companies worldwide including Singtel,” reads Singtel’s statement.

Singtel is a Singaporean telecoms company with a mobile subscriber base of over 640 million customers. Singtel has a significant stake in the Australian market, where it owns the country’s second-largest telecoms provider Optus.