Telstra breaches customer privacy

Telstra has been fined for breaching the privacy of 15,775 customers.

Telecommunications giant Telstra has been fined $10,200 for breaching the privacy of 15,775 customers whose information was accidentally made publicly available online for 15 months.

In May of last year, Telstra and the Office of the Australian Information Commissioner (OAIC) were alerted to the publicly available customer information spreadsheet by a 31-year-old man from Victoria who found it via a Google search. Among the 15,775 customers were 1257 active silent phone line customers.

The OAIC and the Australian Communications and Media Authority (ACMA) launched an investigation into the breach and, almost a year later, have handed down their report, which contains a range of recommendations and a fine of $10,200.

This is one of many recent investigations the OAIC has conducted into Telstra’s conduct since 2009, with a 2011 information leak affecting 734,000 customers and incorrect mail sent to 220,000 addresses in 2010 topping the list of breaches.

Opinion: Big business, small fines

In handing down their findings, the OAIC and ACMA noted that Telstra had failed to comply with directions over a previous code breach, yet believe a $10,200 fine will be a strong enough encouragement to prompt Telstra to operate within the codes going forward.

The size of the fine handed down is a joke. For a company of Telstra’s size, a fine of $10,200 would be similar to fining an individual $0.001. This isn’t even a slap on the wrist and, when you consider the resources which would have been spent investigating this breach, it makes no sense.

This isn’t Telstra’s first privacy breach either. The information of 734,000 Telstra customers was publicly available online from March to December of 2011, including usernames and passwords of 41,000 customers. Telstra was involved in another breach last year, which affected 35,000 Bigpond Games customers.

So, why do big businesses keep getting away with it? Up until yesterday, the national laws in place surrounding information privacy were not strict enough to properly enforce world-leading privacy practices. New law changes, which came into effect yesterday, grant new enforcement powers to the Australian Privacy Commissioner, including the ability to fine companies up to $1.7 million. Disappointingly, for a company of Telstra’s size, $1.7 million is just a parking fine.

What do you think? Are companies being too reckless with your private information? Should Telstra have been fined more for its repeat breach? Should penalties be based on the seriousness of the breach and a percentage of that company’s income, rather than set maximum amounts?


    13th Mar 2014
    one sincerely hopes that those responsible for handing down such a weak response are among those whose privacy was compromised.
    pathetic fine and the costs of the investigation be sheeted home to won't happen of course as "we must look after telstra shareholders".
    as that is the most important consideration by those who should know better but the poor old customer gets shafted not the offending corporation.
    13th Mar 2014
    Just a few thoughts on the article about Telstra privacy and fines
    How do fines, big or small, encourage companies to keep information about clients secure? Who pays in the long run; probably the clients as costs are usually passed onto them! Who gets the proceeds of the fines, not the clients that have had their details breached? Who did the breaching? The person who deliberately or accidentally Googled (hacked into) that information?
    Wouldn't it be nice if a person/group that discovered sensitive information available to all and sundry informed the offending body, was rewarded for their honesty and the offending group/company immediately took steps to correct their problem.
    Maybe I'm getting too old and naively childlike
    13th Mar 2014
    Sixty four cents per customer has got to be the joke of the year. Was whoever handed down this fine a shareholder of Telstra? With my own experiences with Telecom/Telstra and the number of people who tell me of problems with Telstra guarantee that I will never deal with them again. And, by the way, I have not dealt with them for many years.
    13th Mar 2014
    What happened to 'the punishment fitting the crime' ? If this had happened to Telstra all hell would have broken loose. Their service is dreadful, their acknowledgement of responsibility barely exists in relation to providing a service and their management is appalling. So one should not be surprised that they have gone all out to persuade the OAIC and the ACMA that their breach of privacy should not attract a fine of more than 65 cents per misdemeanour, that anything greater was not in the best interests of anyone. Bah humbug!
    Tom Tank
    13th Mar 2014
    The fines should be levied on the person responsible and if in default then serious jail time. That is the only way these big corporations will be brought to heel.
    14th Mar 2014
    Where do
    get their
    LINES .... LINES are a card
    with your full name
    your business name & address & phone number
    your home address & phone number - silent or not
    your workplace number
    your mobile number
    Where do they get these things from
    They purchase them for big $$$
    A couple of weeks ago on a Saturday morning a lady rang me on behalf of a legitimate charity wanting a donation.
    I have a silent home phone number
    Who gave her my number please ?

    I have to go I have my fortnightly appointment with the Employment Agency -
    I would like to do a basic computer course which will cost $32 & I would like them to pay for it. This is a community based course which they recommended to me -
    Centrelink told me last week, when I was there, that there is plenty of money to be spent on people like me -
    But will Campbell Page Disability Employment Agency actually pay for this course ?
    I'll be back......
    14th Mar 2014
    I got the course paid for I am happy.
    14th Mar 2014
    Hypothesize for a moment :-
    I work for a company that sells over the phone -
    Out bound calls = we call you
    I have a list
    I have the names / addresses / phone numbers / for a whole suburb -
    Let's call the suburb Nottingham -
    I ring you Monday morning 10.00 AM - no answer = no one home
    I ring again at 4.00 PM - no answer = no one home
    I ring you every day for a week - no answer = no one home
    Your home is empty in the day time .
    What if 'WE' were to hand that information to 2 men with overalls on in a panel van along with your address & phone number. IN YOUR HOUSE WHAT WOULD THESE 2 GUYS BE LOOKING FOR ?
    banking details - investment details - passports - birth certificates - signature sample - marriage certificates & anything else worth a few bob....
    Let's say you answer & purchase from us.
    I now have your credit card details also = potential I.D theft & C/C fraud & any other thing that you may have told me about yourself & your household without thinking.......
    15th Mar 2014
    i notice that other comments posted here talk of getting telemarketers phone calls.

    easy way to stop this is to lodge your number with the federal government's "don't call" register.

    we now get no phone calls except about once or twice a year a charity group ringing and similarly a call with an indian voice trying to tell you they are from microsoft windows telling you that your computer has a fault. next result is just hang up on them.
    Polly Esther
    15th Mar 2014
    "doggone" I've lodged my number with the "don't call" register probably some 3 or 4 times in the last approx. 18 months. Never stopped the calls. You know what, I reckon the "don't call" register is a phone call you shouldn't bother wasting your time making. It doesn't work.
    15th Mar 2014
    Richard - it worked for me now for a number of years.
    15th Mar 2014
    richard, i have been on the "don't call register" for quite a few years and i have never had telemarketers since..
    only calls received have been those allowed after registering - calls from political parties, charities and of those i have received about 2 or 3.
    i have had about a similar number of calls from india purporting to be the help desk of microsoft windows.

    so in say 4 years i average about 2 to 3 calls a year.
    17th Mar 2014
    Aside from the fines issue, all affected customers who had paid for a silent number should be able to get that payment back (monthly fee x 15 months) considering their numbers were publicly available.

    I recall an error they made a few years back in sending out offers for 250GB of internet usage at an astonishingly low price. I rang to accept their offer but the operator said they sent the letters in error and the offer didn't exist. I explained that I was a contract manager for the Australian Government and my understanding of contract law was that they made an offer in writing that I was accepting. They honoured the offer (although I can't help but wonder about all the other poor souls who were bluffed out of it).
