Telstra's Pacnet has begun contacting its customers following the discovery of a data breach that compromised its corporate IT servers on which customer data is stored. Several high-profile Pacnet customers, including the Australian Federal Police and other government agencies, were exposed by the breach. It is unclear at this time whether the incident affected additional government clients, as well. Telstra, Australia's largest media and telecommunications company, first acquired global telecommunications service provider Pacnet in the middle of April this year. According to a blog post written by Mike Burgess, Chief Security Officer for Telstra, he and his team were notified shortly after the acquisition that Pacnet's corporate IT network, which includes email and other business management systems, had been accessed by an unauthorized third party.
"We took immediate action to investigate and respond to the breach," writes Burgess. "This included sending Telstra security experts to Hong Kong to conduct a detailed assessment of Pacnet’s network security and engaging an expert external incident response team to assist with our monitoring and protective measures."
Telstra's investigation revealed that attackers had exploited an SQL Injection vulnerability in a web application server on Pacnet's network to gain access to the telecommunication company's systems. At this time, Telstra believes the security incident is isolated to Pacnet and reports no suspicious activity on its networks. It has therefore directed its focus to notifying Pacnet's customers only.
Global enterprise services group executive Brendon Riley says that Pacnet has since implemented some security changes following the data breach. "Pacnet had taken action to rectify the breach prior to [acquisition] completion," Riley says. "Once we found out about it we took the time to further examine the Pacnet environment and add some additional monitoring and incidence response capability we felt were important to add and consistent with what we would want across our Telstra networks." Pacnet joins CICS Employment Services and FireKeepers Casino as yet another company to confirm a corporate data breach this month.