Employee data breach: what you need to know
You may have seen media reports about a data breach involving Telstra employee data. We wanted to let you know what happened.
First things first: There has been no breach of Telstra’s systems. And no customer account data was involved.
Unfortunately, these types of events are not uncommon and, given the interconnected world that we live, one event can impact many organisations.
What happened?
Here are the facts.
Information obtained as a result of a data breach at a third-party supplier, was posted on the internet. The supplier previously provided a now-obsolete Telstra employee rewards program.
Critically, there was no breach of any Telstra systems, and no customer account information was stored on the third-party platform.
The data that was posted was from 2017, and was basic in nature. Only names (first and last) and email addresses used to sign up to the employee rewards program were impacted.
We have also learned the breach was not specific to Telstra, and several other companies have also been affected.
When did we find out?
We became aware of this event last week, and notified our team soon after.
We’ve already let our current team members know and while the risk is low for former employees, we will try to contact them.
Which platform was breached?
It was a third-party platform called Work Life NAB that is no longer live. It was used by several other organisations and not limited to Telstra.
It was run by Pegasus Group Australia, which is a subsidiary of MyRewards International Ltd.
What happens next?
Cyber security is a team sport and we will continue working with the third party to determine how this happened and understand any additional impacts that may arise.
We’ll post any important updates here, and to our Twitter and Facebook pages should the situation change