Telstra admits flaw in its website’s search function that provoke a security failure

Share this…

An error in the search function on its website granted access for three users to the personal and commercial details of other customers, admitted the company

Reports of enterprise data protection services experts from the International Institute of Cyber Security mention that a flaw in the search function on telecomm provider Telstra’s website led to a data breach where 18 client data were compromised, including name, address, phone number and email address. According to Telstra, these details were accidentally made available to three customers through their online help service Your Telstra Tools for small businesses and business customers.

“Privacy and security of our customer’s data is a serious matter for us, so we immediately disable Your Telstra Tools while our information security team investigates the case”, mentions a statement from the head of sales and services of Telstra, Michael Kland. Kland commented that Telstra began to notify and apologize to affected customers and that “the enterprise will remain alert to keep data and systems safe”.

The official announcement came after reports from experts on enterprise data protection services on a customer who had accessed a Telstra database with details of 66.5K customer names, addresses, phone numbers and email addresses when searching for the term “email” on the company’s website after logging into his account. According to these reports, filtered data include those of an employee of the Department of Defense.

Telstra announced that it will fire the finance manager Warwick Bray and the manager of the technology, Innovation and Strategy Group Stephen Elop, along with the general counsel of the group, Joe Pollard. At least 8K jobs will be eliminated as part of the Telstra2022 restructuring project announced by CEO Andy Penn last month.

Specialists in enterprise data protection services report that Telstra is preparing to deliver a series of litigation in the face of protests by his employees and different labor organizations for the next mass dismissal, in addition to addressing his responsibility for the serious information security failures that allowed the data filtering of its users.