Australian telco AAPT confirms breach at network partner, data stolenBy Lee Kaelin
Australian telecommunications firm AAPT last night confirmed that hackers had gained unauthorized access to some business customer data after breaching the database servers at one of its external service providers, Melbourne IT.
"It was brought to our attention by our service provider, Melbourne IT, at approximately 9.30pm last night that there had been a security incident and unauthorized access to some AAPT business customer data stored on servers at Melbourne IT," AAPT CEO David Yuile said in a statement. "AAPT immediately instructed Melbourne IT to shut down the servers when notified of the incident."
Anonymous Australia claimed responsibility for the attack, saying they gained around 40GB of data, which they will release as soon as it has been vetted to ensure no sensitive data is published online.
"Preliminary findings suggest it was two files that were compromised, and the data is historic, with limited personal customer information. Further, the servers on which the files were stored have not been used or connected to AAPT for at least 12 months," Yuile said. "AAPT is extremely concerned about this incident, and is treating this matter with the utmost seriousness. AAPT will be contacting any impacted customers as soon as possible."
The ISP was apparently targeted to demonstrate the security risk posed by the country's hotly contested new proposals for data retention, which could result in ISPs being forced to keep internet and telephone activity records of its customers for at least two years. This would give law enforcement authorities access to social networking activity on sites like Facebook and Twitter, to the emails you send and receive.
Many industry experts believe the proposals (PDF) by the Parliamentary Joint Committee on Intelligence and Security that would force ISPs store this information also presents a massive target to hackers, and raises concerns about whether national security interests and a person's rights to privacy are being fairly balanced as part of Australia's biggest security law shakeup since 2001.