The data of 30,000 current and former Telstra employees has been exposed in a breach the telco believes was timed to capitalise on Optus’ hack.
According to a Telstra spokesperson, the breach was not of its own systems but that of a third party, with it containing “very basic” data – full names and email addresses – dating back to 2017 and used to sign up to the employee rewards scheme NAB Worklife Rewards Program.
The spokesperson confirmed to ARN that the majority of the 30,000 figure consists of former employees and it had stopped using the program in 2017.
Telstra said its customer base was not included in the breach, with the spokesperson saying that Telstra “[believes] it’s been made available now in an attempt to profit from the Optus breach”.
“The relevant authorities have been notified, we've let current employees know and while the data is of minimal risk to former employees, we will attempt to notify them too,” they added.
Telstra’s publicised data breach comes a week after rival telco Optus had data from over 9 million customers exposed in a breach that included driver’s licence and passport numbers.
The incident is now undergoing a criminal investigation and may face a class action instigated by law firm Slater and Gordon.
Optus also called on global systems integrator Deloitte to conduct an independent security review following the breach, looking over its security systems, controls and processes.
Telstra’s breach also comes two years after partner Schepisi Communications fell victim to a cyber attack, which was said at the time to have potentially exposed information associated with tens of thousands of SIM cards.