Telstra has apologised to customers after a search function error in its Telstra Tools self service function exposed contact details of business clients to other users of the help site.
Three customers were able to view emails about planned network interruptions, using specific search terms on the Telstra Tools site, the telco said. The emails in question were sent out to 18 other business customers, Telstra claimed.
However, one of the customers who was able to view details of other users spoke to 9NEWS and said a search on “email” on Telstra Tools returned 66,500 results. The search results contained names, physical and email addresses and phone numbers of Telstra customers. A Department of Defence employee were among those whose details were exposed, according to the report.
Head of sales and service, Michael Ackland, said the telco’s IT Security team is investigating the privacy breach and had disabled Telstra Tools while it looks into the extent of the issue.
The investigation found the emails had leaked customer details such as personal and business names, physical and email addresses as well as phone numbers, Ackland said.
Telstra has is now contacting the 18 affected customers whose details were accessed to apologise to them.
“The privacy and security of our customers remains a priority – and we remain vigilant to keep our data and systems safe and secure,” Ackland added.
The telco did not disclose how long the Telstra Tools search function was misconfigured.
This year in May, Telstra also has advised users of its cloud who run self-managed resources that their “internet facing servers are potentially vulnerable to malware or other malicious activity.” The company says that it spotted a weakness in its service on May 4th and is now telling users to “delete or disable” the “TOPS or TIRC account on your self-managed servers”.