Pacnet’s IT network was hacked earlier this year

Telstra’s recently acquired datacentre and cloud specialist Pacnet suffered a security breach earlier this year whereby a third-party managed to get access to its IT network, the telco revealed this week.

Telstra was quick to point out that while the breach occurred on Pacnet’s IT network (which isn’t connected to Telstra’s) before its acquisition of Pacnet was finalised in April, it did do and has since done all it can to try and understand the reasons for the breach and its potential impact on customers.

The company has alerted customers, staff and regulators in the relevant jurisdictions.

Group executive of global enterprise services Brendon Riley said the investigation is ongoing, and that the company will apply its own tried and tested security technologies and techniques to Pacnet’s network.

“Our investigation found a third party had attained access to Pacnet’s corporate IT network, including email and other administrative systems, through a SQL vulnerability that enabled malicious software to be uploaded to the network,” Riley said.

“To protect against further activity we rectified the security vulnerabilities that allowed the unauthorised access. We have also put in place additional monitoring and incident response capabilities that we routinely apply to all of our networks.”

He said the firm is alerting customers of the potential impact of the breach, and hopes that the extra precautions the company has put in place will restore confidence in the firm.

The company has so far declined to comment on the scope or volume of data exposed to hackers.

Telstra seems keen to pre-empt any privacy-related regulatory challenges, something the company has had to deal with in recent years – which, it was eventually found, was due in part to its own negligence.

Last year for instance the firm was fined by the Australian Information Commissioner for making the personal details of almost 16,000 customers accessible via the internet between February 2012 and May 2013 after several spreadsheets containing customer data dating back to 2009 was found through Google Search.

Pacnet’s IT network was hacked earlier this year

Telstra’s recently acquired datacentre and cloud specialist Pacnet suffered a security breach earlier this year whereby a third-party managed to get access to its IT network, the telco revealed this week.

Telstra was quick to point out that while the breach occurred on Pacnet’s IT network (which isn’t connected to Telstra’s) before its acquisition of Pacnet was finalised in April, it did do and has since done all it can to try and understand the reasons for the breach and its potential impact on customers.

The company has alerted customers, staff and regulators in the relevant jurisdictions.

Group executive of global enterprise services Brendon Riley said the investigation is ongoing, and that the company will apply its own tried and tested security technologies and techniques to Pacnet’s network.

“Our investigation found a third party had attained access to Pacnet’s corporate IT network, including email and other administrative systems, through a SQL vulnerability that enabled malicious software to be uploaded to the network,” Riley said.

“To protect against further activity we rectified the security vulnerabilities that allowed the unauthorised access. We have also put in place additional monitoring and incident response capabilities that we routinely apply to all of our networks.”

He said the firm is alerting customers of the potential impact of the breach, and hopes that the extra precautions the company has put in place will restore confidence in the firm.

The company has so far declined to comment on the scope or volume of data exposed to hackers.

Telstra seems keen to pre-empt any privacy-related regulatory challenges, something the company has had to deal with in recent years – which, it was eventually found, was due in part to its own negligence.

Last year for instance the firm was fined by the Australian Information Commissioner for making the personal details of almost 16,000 customers accessible via the internet between February 2012 and May 2013 after several spreadsheets containing customer data dating back to 2009 was found through Google Search.