Telstra breached up to 734,000 customers' privacy
Fri June 29, 2012 12:49pm
The communications watchdog has slammed Telstra for publishing the personal details of more than 700,000 customers online for most of last year.
As many as 734,000 Telstra customers had their names, addresses and, in some cases, driver's licence details and dates of birth, published online between March and December 2011.
The user names and passwords of as many as 41,000 people were also accessible via the company's flawed web-based management system, Visibility Tool, which was used to track orders for its bundled services.
On Friday, the Australian Communications and Media Authority (ACMA) said Telstra failed to act quickly enough to protect its customers and breached the Telecommunications Consumer Protections (TCP) Code.
"We are most concerned about the length of time - more than eight months - during which a significant number of customers' personal information was publicly available," ACMA acting chairman Richard Bean said.
The Australian Privacy Commission also found the company had breached the Privacy Act by failing to protect its clients' information.
Telstra said it notified ACMA on December 9, 2011, when it discovered through media reports that it had inadvertently given access to the sensitive information via a link.
The telco also said it had immediately contacted the affected customers.
"We deeply regret the incident," said its executive director of customer service, Peter Jamieson, in a statement.
"An incident like this is unacceptable. We take our privacy obligations very seriously."
However, national privacy commissioner Timothy Pilgrim has slammed Telstra's monitoring and accountability systems.
"A number of Telstra staff knew about the security issues with the database but did not raise them with management," he said.
"This incident could have been easily avoided if appropriate planning was undertaken."
Both ACMA and the Privacy Commission are in talks with the telco about its remediation plans.
Neither body has the power to fine or penalise organisations when initially found to have breached a code.
Earlier this week, Telstra admitted it had been tracking the websites visited by its Next G mobile customers and passing the information to a US data centre, as part of the development of an internet filtering system.