Telstra fined after breaching privacy of 15,000 customers
Australia’s largest telco Telstra has been fined after it was discovered the information of 15,775 customers from 2009 and earlier was accessible on the internet.
The Office of the Australian Information Commissioner (OAIC) and the Australian Communications and Media Authority (ACMA) found Telstra breached privacy laws after several spreadsheets containing Telstra customer data dating back to 2009 were discovered via a Google search and were quickly removed by Telstra. The telco also issued an apology for the breach.
‘This incident is a timely reminder to all organisations that they should prioritise privacy. All entities bound by the Privacy Act must have in place security measures to protect personal information,’ said Privacy Commissioner Timothy Pilgrim, one day ahead of major changes to the Privacy Act coming into force.
Following the breach, Telstra agreed to conduct a number of actions, including exiting the software platform on which the incident occurred, establishing a clear policy for central software management, and reviewing contracts with third parties relating to personal information-handling.
Telstra has also paid a fine of $10,200 in relation to the breach.
‘The ACMA welcomes Telstra’s agreement to the Privacy Commissioner’s recommendations,’ said ACMA Chairman Chris Chapman. ‘Telco providers are in a position of trust with respect to their customers’ details and with it comes a weighty responsibility—a fact reflected in the outcomes mandated by the TCP Code.’
Nic Christensen
This afternoon at 2pm Mumbrella will host a video hangout with ADMA CEO Jodie Sangster and Matthew Leung, legal counsel for Telstra retail.
Is Telstra the only business in Australia that publishes the address and phone number of its customers? When you ask them for a “silent number” they tell you it will cost $3 a month.
$3 a month or $36 a year to not publish my personal details?
It’s the only business on this continent that charges customers for privacy.
Telstra. Out of touch.
The fine is a joke. It equates to less than one dollar per customer whose privacy was breached. I think I’d be insulted if I was one of the customers whose details were put online and the fine was that low, especially for such a wealthy corporation.