“We’re in the process of contacting every affected customer to let them know, and to offer free support through IDCARE. We are conducting an internal investigation to better understand how it happened and to protect against it happening again,” the post continued.
Mr Ackland also apologised to Telstra customers: “Protecting our customers’ privacy is absolutely paramount, and for the customers impacted we understand this is an unacceptable breach of your trust. We’re sorry it occurred, and we know we have let you down.”
What data has been breached?
At this stage, the names, phone numbers and addresses of 130, 000 Telstra unlisted customers - customers who have explicitly requested that none of their information is made publicly available - have been incorrectly listed online.
How to know if your data has been breached?
Telstra is in the process of notifying customers who were affected by the breach, so keep an eye out for an email or phone call from the company.
What should I do about the Telstra data breach?
Customers who were affected by the Telstra breach will be given access to resources and specialist identity protection advice from IDCARE. But until Telstra contacts you, monitor your devices and accounts for unusual activity. You should also ensure you have the latest security updates and have multi‑factor authentication enabled for all accounts.
How might the data be used?
The most likely use of the leaked Telstra information would be to perpetrate scams through text and email.
Therefore, any Telstra customer should be suspicious of any text messages or emails they receive that mention or reference the Telstra data breach and prompts you to click on a link. If you do receive a suspicious SMS or email, contact Telstra directly and do not click any links in the messages.
You can register fraudulent SMSes by forwarding them to Scamwatch (their phone number is 0429 999 888).