Personal information and data of more than a million customers of Australian telecommunications giant Telstra were available to any Internet user for an unknown period of time.
The offense was discovered by the client Telstra, who wanted to find a telephone technical support via Google, and among the search results he was offered a link to the online tool “Telstra Bundles request search”.
From this page, anyone could get information about the company’s customers by simply entering the required name, account number, ID or a commercial agent identification number.
The results of this search expose information, such as those used by the client services and tariff plan, information about the visits of technical experts, SMS messages, check credit history, email correspondence between the client and company personnel, and even user names and passwords.
According to The Age, discussed page to be available one hour after Telstra has been notified of the problem, but later the problem persists. A company representative said that they would investigate the incident and inform about the results of the Privacy Commissioner (the person who oversees the provision of privacy).
This is not the first time that Telstra has created confusion as a result of accidental release of private information about their customers – three different incident occurred in 2010. But the questions to be answered now – it’s how long the site was opened for public access and whether the abuse committed by the data access.