Your credit file could be affected by errors in the telecommunications industry…here is a media release we sent out last month about a significant data breach which occured with Telstra’s customer files. We are eager to see what the Privacy Commissioner’s findings will be on this incident.

Media Release

12 December 2011

A massive data breach of Telstra’s customer database has potentially put around 800,000 of its customers at grave risk of having their passwords stolen and their personal information pilfered by identity thieves.

The data breach which occurred last Friday, saw detailed personal information which was supposed to be available to Telstra customer service agents only, exposed and openly accessible on the internet.

The Sydney Morning Herald reported on Friday a user of the Whirlpool forum stumbled upon the “Telstra bundles request search” page after doing a Google search for a Telstra customer support phone number they were told to contact.

[i]

SMH reported the information of any Telstra customer was searchable even by last name, bringing up the customer’s account number, what broadband plan they were on, what other Telstra services they were signed up to and notes associated with the customers’ accounts including in many cases their usernames and passwords.

There were also other details about technician visits, SMS messages sent to private mobile numbers and credit check details.

Telstra has reportedly reset approximately 60,000 customer passwords as a precaution.[ii]

Telstra bundle customer, Graham Doessel is one of those potentially at risk.

He also happens to be the CEO of a company dealing in credit repair for people who have been unlawfully blacklisted from borrowing facilities. He says as much as 50% of his clientele who present with credit file errors and inconsistencies are Telco customers, and many of those are Telstra customers.

“This data breach is a crucial example of how errors occur so easily in the Telco industry. Unfortunately they have the potential to severely damage someone’s financial future.”

“Every day we deal with customers who can’t get a home loan, because their credit rating is damaged by improper execution of policies and procedures in the Telco industry,” Mr Doessel, of MyCRA Credit Repairs says.

Mr Doessel is concerned he is amongst those Telstra customers whose personally identifiable information may have been viewed, and copied for purposes of fraud during the time the information was readily available on the internet.

“The issue is about both our possible stolen passwords, and our possible stolen personal details – a huge commodity for fraudsters. What’s to say fraudsters haven’t jumped on the internet while this information has been available and copied it?”

“Personal details are the building blocks for constructing a fake identity. Once someone has fake ID documents, they can take out significant amounts of credit in the victim’s name. Often people don’t find out about it straight away and that can result in defaults from creditors and massive long term credit issues,” he says.

Mr Doessel recommends anyone who feels they may be at risk by this data breach take a few precautionary steps to ensure their credit file is protected:

1. Change passwords. Even if Telstra hasn’t advised you otherwise, go in and change your password. If you have that same password for unrelated accounts, change that as well.

2. Contact creditors and advise them you may be at risk of identity theft. This will allow them to ‘flag’ your accounts and halt any suspicious activity.

3. Check your credit file. Obtain a free copy of your credit file and check there is nothing suspicious already present on your credit file.

4. Alert credit reporting agencies. They can put an alert on your credit file which informs you of any changes to contact details, or suspicious credit enquiries you may not have initiated.

The Privacy Commissioner, Timothy Pilgrim made a statement yesterday:

“I have opened a formal investigation into the Telstra data breach. At a briefing today Telstra has assured our office that the immediate problem has been rectified and that personal data is no longer accessible.

I have asked that Telstra also provide me with a detailed written report on the incident, including how it occurred, what information, if any, was compromised and what steps they have taken to prevent a reoccurrence. I will consider all the information provided by Telstra and hope to be in a position to issue an investigation report in late January 2012,” Mr Pilgrim says.

It is uncertain exactly what and or how much the Privacy Commissioner could determine Telstra would be liable for.

A recent decision handed down by the Privacy Commissioner only last week, saw one individual complainant awarded $7500 in compensation after a Leagues Club was found to have breached their privacy.[iii]

This is not the first time a major data breach has occurred with Telstra. In October 2010, a mailing error saw around 60,000 letters containing personal customer information sent to other customers.

The Privacy Commissioner found the privacy of Telstra customers was only breached in 2010 due to human error, and did not occur due to any systemic failure of Telstra’s processes or procedures, therefore they were not required to pay damages in this instance.[iv]

/ENDS.

Please contact:

Lisa Brewster – Media Relations media@mycra.com.au

Graham Doessel – Director info@mycra.com.au

http://www.mycra.com.au/ 246 Stafford Road, STAFFORD QLD. Ph: 07 3124 7133 www.fixmybadcredit.com.au

MyCRA Credit Repairs is Australia’s leader in credit rating repairs. We permanently remove defaults from credit files.