 As reported by Fairfax Media, Telstra has informed customers, including the Australian Federal Police, of the breach, however said there was no clear evidence that information had been stolen.
Fairfax reported that Telstra said the attack occurred two weeks before the Pacnet deal was finalised. Telstra advised that it was made aware of the breach on finalisation of the purchase on April 16 this year. “Our investigation found a third party had attained access to Pacnet’s corporate IT network, including email and other administrative systems, through a SQL vulnerability that enabled malicious software to be uploaded to the network,” Telstra group executive of global enterprise services Brendon Riley stated. “To protect against further activity we rectified the security vulnerabilities that allowed the unauthorised access. We have also put in place additional monitoring and incident response capabilities that we routinely apply to all of our networks.” Riley said there had been no contact from the perpetrators and that Telstra did not know the reason for the breach. “Now we have addressed the breach and understand its potential impacts, we are in the process of advising our Pacnet customers worldwide of what occurred and reassuring them that we are now applying the same high level of security we apply to Telstra’s networks,” he stated. Riley said Telstra’s focus is not on attribution. “Our focus is working with our customers to understand and minimise the impact to them and to give them confidence that we will apply Telstra’s very high security standards to the Pacnet IT network,” he commented. |
