Telstra reveals Pacnet security breach

20.05.2015
Telstra-owned telecommunications services provider, Pacnet, has suffered a security breach, enabling cybercriminals to upload malicious software on it corporate IT network.

The breach occurred prior to Telstra's $697 million acquistion of the Asian telco. Telstra was made aware of the breach on finalisation of the purchase on April 16, 2015.

Telstra has today advised Pacnet customers, staff and regulators in relevant jurisdictions of the security breach that allowed third party access to Pacnet's corporate IT network.

Telstra group executive of global enterprise services, Brendon Riley, said Telstra had taken immediate action to protect the security of the network once it was informed of the breach.

"Our investigation found a third party had attained access to Pacnet's corporate IT network, including email and other administrative systems, through a SQL vulnerability that enabled malicious software to be uploaded to the network," he said.

"To protect against further activity we rectified the security vulnerabilities that allowed the unauthorised access.

Riley said the company had also put in place additional monitoring and incident response capabilities that is routinely applied to all of Telstra's networks.

Read more:Telstra launches Asia's first Software-Defined Networking (SDN) platform

"Now we have addressed the breach and understand its potential impacts we are in the process of advising our Pacnet customers worldwide of what occurred and reassuring them that we are now applying the same high level of security we apply to Telstra's networks," he said.

The Pacnet corporate IT network is not connected to Telstra and there has been no evidence of any activity on Telstra's networks, according to the a company statement.

Riley said there had been no contact from the perpetrators nor did Telstra know the reason for the breach. "Our focus is not on attribution," he said.

Read more:Mandatory Disclosure Laws needed to counter lax security attitudes: Symantec

"Our focus is working with our customers to understand and minimise the impact to them and to give them confidence that we will apply Telstra's very high security standards to the Pacnet IT network," he said.

"Protecting the information of our customers and people is critically important to Telstra.

"We make significant investments in security capabilities and work around the clock globally to keep our customers' data safe and our networks secure."

Read more:Telstra completes $857 million Pacnet acquisition

(www.arnnet.com.au)

Brian Karlovsky