Exclusive: Telstra confirms data incident, customer data not affected

Exclusive: Telstra confirms data incident, customer data not affected

Exclusive: Telstra confirms data incident, customer data not affected

Telstra has confirmed that malicious actors breached one of its internal systems and stole data belonging to employees and partners.

Yesterday (November 25), threat actor ‘UnicornLover67’ took the Australian telecommunications company online, claiming it had the data of 47,300 employees for sale.

Although the details of the stolen data have not been listed, the threat actor has posted a sample that appears to include names, email addresses, physical addresses and more. Some of the other unspecified data includes company names and addresses in the United States, as well as cell phone store names.

Telstra has confirmed that malicious actors used stolen credentials to access a pre-production testing environment.

“We are aware that a file containing Telstra data has been made available for sale online by a malicious actor,” a Telstra spokesperson told Cyber ​​Daily.

“Using the sample data, we identified the relevant dataset and that it came from a pre-production testing environment for an internal system used to log defects.”

Telstra confirmed the data belonged to employees and partners, but reiterated that no customer data had been accessed.

“This is not a customer database and therefore no passwords, banking details or personal identifying data such as driver’s license or Medicare numbers are included or used on the platform .

“We are still analyzing the data, but our initial review shows that it includes basic information and is primarily internal in nature, including employee and partner names, as well as business email addresses. Some external business email addresses and cell phone numbers are included,” it says.

Telstra said it has now restricted the access used by malicious actors and has notified authorities. She also started to inform those affected.

“We have urgently investigated how and when the data was collected and passed it to the relevant authorities. The actor used stolen login credentials to access the system, and we closed that access,” he said.

“We have started communicating to people and organizations the information included in the sample data.

“We will begin contacting anyone who has data included in this dataset to inform them of what has happened and to be especially vigilant for phishing and other suspicious activity.”

UnicornLover67 has not provided any updates yet.

Crypto FOMO is back. Scams too

Crypto FOMO is back. Scams too

US supports Novonix graphite factory

US supports Novonix graphite factory

Leave a Reply

Your email address will not be published. Required fields are marked *