Telstra’s data breach was much smaller than Optus’, with the names and email addresses of 30,000 employees - both current and past - last week shared on the same platform that Optus data was.

The data breach was of a third party that in the past had provided Telstra’s Worklife NAB rewards program for staff, reports the Guardian.

It is understood the data that was stolen dates back to 2017 and contained both first and last names, as well as work email addresses of 30,000 Telstra employees, of whom more than 12,000 still work for the company.

“We understand this may cause some anxiety to our people, particularly in the current climate of heightened awareness around cyber security,” Telstra’s Alex Badenoch told staff in message that was shared on Saturday, reports the Guardian.

“If you wish to find out more about the breach of to find out if your email address was exposed, please contact our cyber team ...

“In the meantime, we remind you as always to remain vigilant about any unexpected communications.”

BIG ISSUE WITH OPTUS DATA BREACH

The commissioner responsible for investigating the Optus hack has revealed the telco’s collection of personal data may have gone beyond its legal requirements.

At least 2.1 million personal identification numbers have been stolen as the telco announced an external review into the massive cyber attack.

Following investigations, Optus said of the 9.8 million customers whose data was hacked, it believes 7.7 million do not need to replace documents.

Information Commissioner and Privacy Commissioner Angelene Falk said she believes Optus might have gone “beyond the scope” of the data they needed to hold.

“Many businesses are required under law to collect and retain information, just as we as individuals are required by the tax office to keep our tax returns for a certain of time,” Ms Falk said.

“This issue of how much information was collected and the length of time it was held is something we’re working through.

“It begs the question, does the amount of information, not just Optus but a whole bunch of corporates, does it go beyond the scope that they need to hold?

“In some cases I think it does go beyond the scope.”

Ms Falk admitted that companies needed to “get back to basics” and make sure “only that information is being collected”.

“All organisations can only connect information that is reasonably necessary. Reasonable and necessary. They can't just have information that is nice or convenient.

“It has to be connected to providing the service people are after … I think that's where the conversation is going.”

On Monday the major telco said they had engaged Deloitte to conduct an independent review into its security systems, controls and processes.

However, the embattled telco revealed that they wouldn’t release the review publicly once it is complete while also denying there was a rift with the government and that they were fully co-operating with all requests for information.

“We are working very closely and collaboratively at the working level with all aspects of government, including more than 20 different governments and licensing authorities,” Optus chief executive Kelly Bayer Rosmarin said in an interview.

“We’re being open and transparent along the way. The (Office of the Australian Information Commissioner) has the full breakdown of data so I don’t think there’s any issue with us being focused on our customers, communicating with customers, and making sure that the government has what it needs to help us in our mission to protect customers.”

Her comments came only hours after Environment Minister Tanya Plibersek became the latest senior government figure to criticise the company, attacking the “lack of communication”.

“It’s extraordinary we don’t have any Medicare numbers or Centrelink numbers that may have been compromised,” she said.

More Coverage

How Optus victims can get new IDs

Hayley Goddard

‘Take action’: New Optus hack details

Hayley Goddard, Courtney Gould and Eli Green

Originally published as Telstra staff caught in data breach amid Optus hack