Security → Telstra Aust caught with its pants down over privacy.

TELSTRA has scrambled to reconnect its BigPond internet services after a privacy breach that leaked personal customer information shut down its system for 24 hours.

Up to 1 million BigPond users could not use email and other online services while the problem was being fixed.

About 60,000 passwords were reset after they, and/or user names, were inadvertently displayed on the internet.

A Telstra official, Karina Keisler, said the cause was not known, and a full investigation was under way. She said Telstra was made aware of the breach on Friday afternoon and shut down the system within the hour.

Bank and credit card details were encrypted and not included in the data displayed.

An internet forum user discovered the ''Telstra Bundles request search'' page on Friday after doing a web search for a Telstra customer support phone number.

Telstra CEO David Thodey has told staff "customer privacy is not negotiable" and that the telco's customers were "entitled" to feel as though the company had "broken their trust" following a recently privacy scandal.

In an email to staff this week, first published on broadband forum Whirlpool and now verified by Telstra's media team as being genuine, Mr Thodey told staff that further breaches at the telco "must not happen again".

Mr Thodey warned breaches were affecting the telco's reputation and said staff should inform their manager "as a matter of urgency" should they have concerns with anything that threatens the privacy of Telstra's customers.

"Some of our customers may feel we have broken their trust, and, frankly, they are entitled to feel that way. The hard reality is it will take months of hard work to win back that trust," he said.

TELSTRA Corporation has avoided a fine for a 2011 incident where it failed to protect the privacy of more than 700,000 customers.
Instead, the Australian Communications and Media Authority (ACMA) on Monday ordered Telstra to comply with the new Telecommunications Consumer Protection Code's privacy clause.

In June, ACMA found that the addresses, drivers licence numbers and dates of birth of 734,000 Telstra customers were publicly accessible between March and December 2011.

The information was accessible via a web-based customer management tool and made accessible via a link available on the internet, ACMA said.

"Given Telstra has pro-actively taken steps to remedy its processes with a view to preventing such an incident from happening again, a direction with respect to the specific code provision is the appropriate measure," ACMA chairman Chris Chapman said in a statement.

The ACMA said failure to comply with the code "may result in the ACMA taking Federal Court action seeking the imposition of a pecuniary penalty".

Telstra spokesman Scott Whiffin said the telco had worked closely with the Office of the Australian Information Commissioner and ACMA as part of their investigation and accepted the actions outlined by ACMA.

"As we acknowledged at the time, we take our privacy obligations very seriously and invest considerable time and resources in ensuring the privacy of our customers' personal information," Mr Whiffin said in an emailed statement.

"We have made it clear that this particular incident is unacceptable and have taken action to prevent it from happening again."