Telstra has been hacked.
Australia’s biggest telco revealed today that the internal corporate network of Pacnet, which it bought earlier this year for $AU858 million, had been compromised.
One of the customers affected by the hack, through which the intruders had “complete access”, was the Australian Federal Police.
“We have not been able to tell from forensic information or system logs what has been taken from the network,” Brendan Riley, Group Executive, Global Enterprise and Services, said. “It is clear they had complete access to the corporate network.”
Telstra chief information security officer Mike Burgess said the vulnerability was an SQL injection, a type of web attack usually used by hackers to steal data from organisations. The attack takes advantage of poor coding in a web app that lets hackers inject SQL commands into, for example, a login form, giving them access to the data in a database.
Riley said “it is possible” data was taken from the network but Telstra has no evidence to back that up.
Telstra has informed the regulators of the breach.
Telstra acquired Singapore- and Hong Kong-based Pacnet back in April this year for $US697 million after a due diligence process which ran from December last year. The vulnerability didn’t come up during that period.
“We were advised by Pacnet that their corporate IT network … had experienced a security vulnerability,” Riley said.
“Telstra has today advised Pacnet customers, staff and regulators in relevant jurisdictions of a security breach that allowed third party access to Pacnet’s corporate IT network.
“The breach occurred prior to Telstra taking ownership of Pacnet and Telstra was made aware of the breach on finalisation of the purchase on 16 April 2015.”
Riley said Telstra had taken immediate action to protect the security of the network once it was informed of the breach.
Telstra said it hadn’t had any contact from the perpetrators but, when asked about customer details being accessed, Riley said: “we haven’t uncovered anything untoward.”
The Pacnet team rectified the vulnerability back on April 3 and notified Telstra after the deal was closed in mid-April. Telstra said it wanted to fully understand what had happened on the network before it revealed there had been a vulnerability.
“At this stage we have no evidence that there has been no data taken from the network,” Burgess said.
Pacnet has a number of small, medium and large businesses as its customers, as well as government bodies.
Telstra shares are at $6.15, up 0.33% on yesterday’s close.