Personal Data Of 60, 000 Telstra Customers Exposed To Web

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.darkreading.com/insider-threat/167801100/security/privacy/232300392/personal-data-of-60-000-telstra-customers-exposed-to-web.html

By Tim Wilson
Dark Reading
Dec 12, 2011

Unencrypted data on some 60,000 customers of Telstra -- one of Australia's 
largest telecommunications carriers -- has been found easily accessible on 
the Web.

According to news reports, a user found the database after doing a Web 
search for a Telstra customer support phone number.

The page has been disabled, but users who saw the file said they were able 
to find Telstra's customer database based on the customer's last name, 
account number, sales force ID, or reference number, according to the 
reports.

The file contained information on what broadband plan the users are on, 
what other Telstra services they're using, and notes on customers' 
accounts, including usernames and passwords, the reports said. It also 
contained data about technician visits, SMS messages sent to private 
mobile numbers, and credit check details.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Small, inexpensive USB drives pose huge threats to organizations left unprotected. 
Download Chapter 1 of CREDANT Technologies eBook
Data Protection to the Rescue
http://www.credant.com/campaigns/external_media_ebook/chapter1/lp/