Internal mistakes rather than hackers have been blamed for the latest data protection failure to hurt phone users in Australia. Telstra is obliged to provide a web directory of phone numbers and a directory enquiry service, but they admitted on Friday that both had wrongly supplied the details of customers who should have remained unlisted. Australia’s largest telco apologized for the mistake via a corporate blog and explained that they…
“…recently discovered an error which resulted in some customers’ names, numbers and addresses being listed when they should not have been. This was a result of a misalignment of databases – no cyber activity was involved.”
The blog was issued in the name of Telstra CFO Michael Ackland, indicating that top management were not afraid to take responsibility. Based on how other telcos have behaved, it would have been easy for Telstra’s leaders to distance themselves by talking about system glitches. There was little information about why the breach occurred but Telstra did emphasize what they were doing to rectify things, which includes support for affected customers via IDCARE, a charity that mitigates the impact of privacy breaches suffered by Australians and New Zealanders.
“As soon as we became aware, we started work to remove the identified impacted customers from the Directory Assistance service and the online version of the White Pages.
“We’re in the process of contacting every affected customer to let them know, and to offer free support through IDCARE.”
The Australian press had little additional insight to offer, beyond the clarification that 132,000 Telstra customers were said to have been affected.
One small crumb of comfort is that some telcos are finally beginning to understand that being transparent about their flaws is a better approach than routinely denying mistakes and playing down the consequences of breaches for customers. It was telling that Telstra commented:
“Our customer service has come a long way in recent years, including in truth-telling about our mistakes – it is part of what drives us to make change.”
There have been calls for the resignation of Kelly Bayer Rosmarin, CEO of Optus, the second largest Australian telco, following a breach which compromised identity details for almost 10 million Australians. Telcos have done a lousy job of learning from past data breaches, even though they collectively are responsible for maintaining and safeguarding important information about an overwhelming majority of people. Mistakes do happen and they will happen again. Trying to deflect blame just increases public cynicism, as evident from the response to Rosmarin’s clumsy handling of the Optus breach.
The big takeaway from this relatively minor breach by Telstra is that some telco executives are now changing tack, and confessing to errors in order to get ahead of the inevitable wave of criticism. This is the only effective way to maintain a degree of trust as the public becomes conscious of the true risk and likelihood of privacy breaches.