Telstra, one of the largest telecommunications companies in Australia, will have some explaining to do after a simple search on their website revealed that their customers’ information was inadvertently shared online.
The company has a few million account holders which means that the impact of such an incident could be huge.
The whole thing originated from an unsecure and openly accessible webpage entitled "Telstra Bundles request search" which was discovered by a member of the Whirlpool Broadband community, The Australian informs
Even though the website was quickly taken down to prevent any incidents, experts who took a peek at the page while it was online claim that customer details such as account numbers, broadband packages, technician visits and even email addresses and passwords, in some cases, were available for almost anyone.
Worryingly, the number of affected clients or for how long the page was present are unknown by Telstra.
"[It's] unsure at this stage, it appears to be limited to bundled customers but we don't know how many," a Telstra spokeswoman stated.
The Federal Privacy Commissioner has been alerted on the issue and a full investigation is ongoing to determine how the data breach occurred and who is responsible for it.
While the main concern of Telstra is to patch up the vulnerability, all their customers are being informed on the incident in the attempt of keeping everything as transparent as possible.
This is not the first time Telstra leaves their customers exposed. More than a year ago they were investigated after they send out 220,000 letters to incorrect addresses as a result of a mail-merge error. The letter contained names, phone numbers and plans.
At the time, Infosecurity Magazine reported
that the company had some measures set in place to protect the personal information of their customers involved in mailing campaigns.