Details of 30k Australia’s largest telco Telstra staff leaked


Telstra says the leaked data does not affect its customers. The attack comes only two weeks after the country’s second-largest telco, Optus, was hacked.

Threat actors continue to plague Australia, as the country’s largest telecom provider, Telstra, informed it suffered from a third-party data breach on Tuesday.

The announcement comes at a tense point in Australia, which is still recovering from the Optus breach. Telstra and Optus are Australia’s two largest telecom providers, covering most of the country’s population.

According to Telstra, the data was leaked via a third party, and the company’s systems were not affected in any way. No customer data was revealed as the breach only affected Telstra’s employees.

“The data released is very basic in nature – limited to full names and employee email addresses. No customer account information was included,” the company told a former employee on Twitter.

Telstra claims that the leaked dataset covers information from 2017 and has details on 30,000 current and former company staff members. The company said it informed the affected staff and contacted the authorities about the issue.

According to Reuters, Telstra’s spokesperson said that the company is under the impression that the relatively old dataset was put up for sale to profit from the Optus breach.

There might be some logic to this, as large data breaches attract the attention of the international cybercriminal underworld. For example, the record-breaking leak from the Shanghai National Police spurred Chinese-language activity and interest in China-based data leaks.

The Optus saga

Threat actors penetrated Optus’ defenses in late September, stealing data of around 9 million of the company’s clients, representing roughly a fourth of Australia’s total population.

The hackers claiming responsibility for the attack demanded Optus pay $1m in a week or the data of close to 10m Australians would be sold piece by piece.

To put money where their mouth is, threat actors even leaked 10k records and promised to leak another 10k every day for the next four days until the deadline given to Optus ends.

Later, however, the hacker quickly removed the data from the leak site and apologized for the ordeal.

“Deepest apology to Optus for this. Hope all goes well from this,” threat actors said in a post on a hacking community forum BreacedForums.

The Australian government, which believes the breach was due to a basic security gap, has continued to slam Optus for describing the attack as sophisticated and for delays in updating affected customers.

“Optus senior management are kidding themselves if they want a medal for the way that they’ve been communicating. Not even a crocodile’s going to swallow that,” Government Services Minister Bill Shorten told reporters on Tuesday.