The data breach at Canada's Desjardins credit union included the names, dates of birth, contact information and banking habits of its 4.2 million customers
The data breach at Canada's Desjardins credit union included the names, dates of birth, contact information and banking habits of its 4.2 million customers

A recent investigation by the Australian Communications and Media Authority (ACMA) has revealed that telecommunications company Telstra had breached privacy protocols by exposing the personal details of over 140,000 Australians, some of whose names and addresses were listed in the White Pages.

The breaches reportedly occurred in 2021 and 2022. The investigation revealed that Telstra's license obligations were breached 163,000 times, which led to the disclosure of phone numbers of even those who expressly requested to remain private.

The breaches led to the unintentional adding of 24,000 unlisted numbers to public White Pages directories along with names and addresses, and another 139,000 unlisted numbers that ended up in Telstra's directory assistance database, The New Daily reported.

Samantha Yorke, a spokesperson of the ACMA, emphasized the gravity of such data management errors, even if the agency hasn't received complaints of any direct harm brought on by these breaches.

"Telstra failing to safeguard customer information, putting people's privacy and safety at risk, is a serious matter," Yorke said. "Telstra is entrusted with personal details of millions of Australians and those people have the right to expect that Telstra has robust systems and processes in place to ensure their information is being protected."

The ACMA investigation was initiated after the company self-reported the accidental exposure of unlisted phone numbers in White Pages directories, ABC reported.

"We found this issue in 2022, immediately reported our findings to the ACMA, took corrective action and communicated with customers," a Telstra spokesperson told ABC. "Since it occurred, we have significantly upgraded our systems through major software and technology improvements, and we conduct regular sweeps to pick up any potential misalignments."

The ACMA stressed the gravity of these breaches, even though they did not disclose any immediate harm. To their credit, Telstra promised prompt action for impacted consumers and even provided IDCARE, a national identification and cybersecurity program, at no cost.

Currently, Telstra is not facing any penalties due to the breaches; however, if the company is taken to court, it could face fines of up to AU$10 million per dispute.