Insider: Slingshot Breaches Log-in Details of Telecom Customers

Bob Styran, IT audit expert
January 16, 2011 /

New Zealand – After a Sunday newspaper reported a “major data breach” involving log-in and personal details of more than 2 million Telecom customers being accessed secretly by rival telco Slingshot, the telecommunications company has released today a statement assuring customers of a geared up security measures.

The Herald on Sunday discovered from five staff of Power Marketing Limited, a contractor of Slingshot based in Auckland, that they are capable of accessing Telecom customer details housed in a database called Wireline, a practice long held by the firm though illegitimate. The details include names, addresses, and billing details.

In addition, the database provided details on what plan customers of Telecom subscribe, the amount they are paying, and existing contracts binding them, except for information on call history and credit cards, the Herald on Sunday reported.

One staff was cited by the Sunday newspaper as saying the data breach exposes Telecom customers at a disadvantage since they might mistake the sales staff talking to them for Telecom staff.

Despite the security breach, telecom retail CEO Alan Gourdie was unlikely to file a case against Slingshot, but expressed dismay at the practice of the rival company. Gourdie said their Telecom customers have been complaining about instances when they were being signed up to a deal that they did not remember engaging with.

In a statement published on its website today, Telecom told customers that it currently gears up security measures to protect customers’ information, detailing new policies and practices in its security to prevent the data breach from transpiring in the future.

“Access to Telecom Retail’s Wireline information requires levels of passwords/pins and should only be accessed by authorised personnel in the provision of Telecom Retail services. If it is confirmed that an organisation or person has been fraudulently using login details to access unauthorised customer information, we will take all appropriate steps to pursue this matter.”

Gourdie also said Telecom holds an investigation into the alleged breach into its Wireline database.

Privacy Commissioner Marie Shroff has conducted an investigation and said she sought statements from Telecom regarding the data breach.

 

Share your opinion