Saturday, 10 December 2011

Privacy Breach: Telstra was going to tell its customers, when?

Image from The Age 10 December 2011

Sensible Telstra customers will be changing their passwords promptly as a first measure after reading this in The Australian this morning:

Whirlpool forum
regular exposes this privacy fail (emanating from what looks suspiciously like an internal company database whose creation and management may have been outsourced) at 1.08pm 9 December 2011:

Ugh, well, after a series of good experiences dealing with Telstra over the last eighteen months it feels like we're back in the bad old days.
Tl;dr: Telstra is an enormous corporation with a seemingly endless number of autonomous departments, none of which knows what any of the others is doing. Telstra have leaked customer information onto the Web.
I signed up for the $78 deal on 24th November—hadn't previously had a bundle on my account, or a Bigpond connection. Got my bill by email yesterday and, sure enough, the discount wasn't applied.
First thing I did was to jump onto online chat. Had to wait over 10 minutes for a consultant (which was fine because I could basically just get on with my work). He didn't know anything about the $78 offer, but I gave him the link, it felt like he was about to apply the discount both to my current bill and to future bills, but then he told me that I would have to ring 1800 330 192. OK.
I rang 1800 330 192 and after some humming and hawing the guy there gave me the $13 credit on my bill for this month ($10 plus the discount for the pro-rata initial period), but said that they don't in fact know anything about the $78 deal, and that I would have to ring the 'Bundles' department at 1800 008 851. Incidentally, if you do a Google search for that number, you get a very interesting result. Um, Telstra, that's customer information just sitting out on the open Web… That page also seems to suggest that he shouldn't have given me the number, but should have put me through…….

Despite this unforgivable privacy breach, I'm told Telstra is not making it easy for customers to access their accounts to change passwords as its My BigPond is currently offline due to maintenance downtime or capacity problems.

No comments: