Telstra publicly releases customer details of 140k Aussies who wanted unlisted number
Telstra publicly released the details of more than 140,000 customers who wanted privacy, an investigation has found.
The details of more than 140,000 Telstra customers who requested unlisted numbers were made publicly available by the telecommunications giant in a major breach of its carrier licence.
An investigation into the telco by the Australian Communications and Media Authority found Telstra published 24,005 unlisted numbers with corresponding customer names and addresses in the White Pages.
The regulatory body also found Telstra included 139,402 unlisted numbers with customer details in its directory assistance database, which ACMA said was “used by Telstra operators when answering calls from customers for services such as call connect and directory assistance”.
The incidents, which predominantly occurred between 2021 and 2022, amounted to more than 163,000 breaches of Telstra’s carrier licence.
The breaches were reported to ACMA by Telstra in 2022 after the company found “system issues and process failures” had resulted in the numbers’ release.
ACMA has since directed Telstra to “reconcile its customer data with its White Pages and directory assistance database listings every 6 months” as well as introduce a training program for staff and independently audit the company’s system and compliance procedures.
The direction will remain in place until Telstra has introduced all recommendations made by the audit.
ACMA has also given Telstra a “remedial direction” that requires the telco to take action to support compliance with obligations not to disclose or use information related to unlisted numbers.
If Telstra breaches the direction, ACMA could begin civil penalty proceedings in the Federal Court that could result in penalties of up to $10m per contravention for the telecommunications giant.
A Telstra spokesperson said the telco immediately reported the findings to ACMA and took “corrective action and communicated with customers”.
“Since it occurred, we have significantly upgraded our systems through major software and technology improvements and we conduct regular sweeps to pick up any potential misalignments,” the spokesperson said.
ACMA member and consumer lead Samantha Yorke said someone might request an unlisted or silent number for a number of different reasons, including concerns for their privacy or safety.
“While we are not aware of any harm to people as a result of these breaches, Telstra failing to safeguard customer information, putting people’s privacy and safety at risk, is a serious matter,” Ms Yorke said.
“Telstra is entrusted with personal details of millions of Australians and those people have the right to expect that Telstra has robust systems and processes in place to ensure their information is being protected.”