Telstra, Australia’s largest telecommunications company with over 18 million customers, has leaked subscriber data. A breach of Telstra was disclosed in October, but Telstra is stating that the recent leak was due to a misalignment of databases. Telstra has begun reaching out to some of the 130,000 unlisted customers whose names, phone numbers, and addresses were exposed via the Directory Assistance Service and White Pages. Telstra has partnered with a cybersecurity firm and has notified authorities, and the information that was supposed to remain unlisted is already being removed from the platforms. However, this has not stopped scammers from attempting to take advantage of the leaked information. There have been reports surfacing of affected customers receiving text messages from scammers posing as Telstra IT support.
Telstra will likely restructure their security strategy. They should consider adopting a defense-in-depth strategy in the future. Customers of Telstra should be aware of the increased likelihood that they will be targeted in phishing attacks. Messages from unknown senders should be approached with caution and attachments should not be interacted with unless they can be verified.