Telstra employee and partner data breach: what you need to know

We’re aware of a file including Telstra data that has been listed for sale online by a malicious actor. Here’s what happened and what you need to know.
Narelle Devine · 29 November 2024 · 2 minute read

What happened?

On Monday 25 November, we became aware that a file including Telstra data had been listed for sale online by a malicious actor.

Using this data we identified the relevant data set and that it came from a pre-production test environment for an internal system used to log faults.

Our internal reviews shows that the data includes basic contact information and is mainly internal in nature, including Telstra and Telstra partner employee names, personal and work email addresses. A small number of residential addresses are included as well as some external work email addresses and mobile phone numbers.

The data was not sourced from a customer database and therefore no customer or employee passwords, banking details or personal identification data such as Driver’s Licence or Medicare numbers are included or used on the platform. 

What have we done since?

When we became aware of this event we investigated urgently to determine how and when the data was taken and have referred it to the relevant authorities.

We removed all access to the platform from which the data was taken.

What happens next?

We’re in the process of communicating to the people and organisations with information that may carry heightened risk included in the source database to make them aware of what has occurred, and to be extra alert to phishing attempts and other suspicious activity.

Do I need to take any action?

We always recommend remaining vigilant around unexpected communication, regardless of the sender. At this time there is no action needed by customers or employees, other than to remain alert.  

If you are concerned about the compromise or misuse of this information, please reach out to IDCARE - Australia and NZ national identity & Cyber support service and reference code TEL-JH24. IDCARE is an independent organisation that provides free support for those impacted by scams or fraud.    

We will contact anyone this impacts if this changes. 

By Narelle Devine

Chief Information Security Officer, Asia Pacific

Narelle has a diverse background having worked across the military, government and corporate sectors. Narelle began her career in the Royal Australian Navy before joining the Australian Government’s Department of Human Services as Chief Information Security Officer. In June 2020 Narelle joined Telstra as the Chief Information Security Officer Asia Pacific. Narelle is responsible for the company’s cyber security operations, intelligence, risk, governance, compliance, development and engagement. Narelle holds a Bachelor of Arts in Information Systems and English, a Master of Science in Information Technology and a Master of Systems Engineering. In addition to her love of cyber operations she is passionate about workplace culture, diversity, training and recruitment and is a current member of the RSAC Advisory Board and the AISA Executive Advisory Board.