Pacnet — a Telstra subsidiary that provides data centre and ­undersea cable services in the Asia Pacific region — was hacked by unknown sources earlier this year, exposing legions of the telco’s corporate customers to the breach.

Telstra said it had no way of knowing if the attack — which ­occurred before Telstra took control of Pacnet on April 16 — had resulted in the theft of customer data but the telco said it was possible. “We have not been able to tell from forensic information or system logs what has been taken from the network. But … it is clear that they had complete access to the corporate network and that’s why we are telling customers,” said Telstra chief security officer Mike Burgess.

Telstra has advised Pacnet customers, staff and regulators in relevant jurisdictions of the security breach.

The attack occurred on the corporate IT network of Pacnet which contains the email and other business management systems for the division.

The perpetrator of the attack gained access to Pacnet’s corporate network through a SQL vulnerability that enabled malicious software to be uploaded to the network and ultimately led to the theft of admin and user credentials.

SQL vulnerabilities allow hackers to issue commands on servers so they can access data­bases and change or delete information. But Mr Burgess said it was unlikely the culprits would ever be clearly identified.

“While we will look into who was behind the breach we may never know as attribution is very difficult. We have not had any contact from the perpetrators nor do we know the reason behind this activity,” he said.

Telstra has since addressed the security vulnerability and removed all known malicious software. It has also put in place additional monitoring and incident response capabilities that the telco applies to all of its networks.

Telstra said the Pacnet corporate IT network remains isolated from Telstra and there has been no evidence of any activity on Telstra’s networks.

The AFP confirmed it had been notified of the attack on Pacnet but said it did not believe that any secure or classified material had been compromised.

Telstra acquired the Singapore and Hong Kong based-Pacnet — which provides data centre services to corporations and law ­enforcement agencies including the AFP in the Asia-Pacific region — late last year for $US697 million ($858m).

The breach occurred before Telstra took over the business with the telco giant only being made aware of the hack after it ­finalised the Pacnet acquisition on April 16. The security breach was not disclosed to Telstra before completion of the deal so the giant might have grounds to demand back some of its purchase price.

Telstra group executive of global enterprise services Brendon Riley said there might be a conversation along those lines but it was not the telco’s primary focus.

More related stories

Business

Wine industry shaken by young Aussies’ bold new tastes: report

Cheers to change! Young Aussies are shaking up the wine scene, embracing bold new tastes and leaving traditional norms favoured by their parents and grandparents behind. They’re also drinking less.

Read more

Media

Jewish editor’s take on ABC bias

Elahn Zetlin was a Jewish employee at the ABC. But he says its coverage of the war in Gaza and a lack of support over anti-Semitism saw him walk away.

Read more