
Cybersecurity issues continue to trouble Australia as Telstra and NAB report data breaches

It’s been an eventful week in Australia as two more organizations reported data breaches. With the country already dealing with one of its largest data breaches, another telco and a bank have also reported data breaches, but on a smaller scale.

About two weeks ago, Optus, the second largest telco provider in Australia, reported a data breach affecting nearly 10 million customers. At least 2.1 million ID numbers were exposed in the breach, with 150,000 passports and 50,000 Medicare numbers among those stolen, and the Singaporean-owned telco has announced an independent review.

Now, reports show that Australia’s largest telco, Telstra, and the National Australia Bank (NAB) have been affected by a data breach of a rewards platform. The breach is said to have compromised the names and email addresses of their current and former staff, which were posted online.

According to a report by the Sydney Morning Herald, the companies stated that their internal systems had not been hacked. Instead, the information of their employees was stolen from a platform called Pegasus, which provides reward programs for businesses.

A Telstra spokesman said they have “been made aware of a data breach affecting a third party that included limited Telstra employee information from 2017. To be clear, it was not a breach of any Telstra systems. No customer account information was included. We believe it’s been made available now in an attempt to profit from the Optus breach.”

Interestingly, the report also stated that the Telstra data, covering 30,000 employees, was from 2017 and published on the same forum that published the Optus customer data last week.

For NAB, the names and email addresses of a number of employees had been exposed, but the bank stressed it was not due to a breach of any of its systems.

The My Rewards International data that was breached is owned by Pegasus Group Australia. The Group said the platform was independent and not linked to the current program offered by the company. It is also notifying the individuals who have been impacted and has contacted the Office of the Australian Information Commissioner.

While the data breach at Telstra and NAB may not be as severe as the one experienced by Optus, the reality is that cybercriminals are still finding ways to exploit data and information in any way possible. The data from NAB and Telstra may be from 2017, but that does not mean the information is irrelevant or should be taken lightly.

In any case, both Telstra and NAB should be looking at how the breach may have occurred and whether the cybercriminal left any backdoors or infiltrated other data sets as well. Also, if the cybercriminal (be it an individual or a group) is not looking for a ransom to release the data, there is a possibility that the breach has other motives behind it.

The Australian government is already coming down hard on Optus for the way it is dealing with the data breach. In fact, Reuters reported that the Australian government, which believes the breach was due to a basic security gap, has continued to slam Optus for describing the attack as sophisticated and for delays in updating affected customers.

“Optus senior management is kidding themselves if they want a medal for the way that they’ve been communicating,” Government Services Minister Bill Shorten told reporters.

Perhaps Telstra and NAB may act faster in reaching out to their customers if they have been compromised by the data breach. Either way, it continues to be an eventful period of data breaches in Australia.