Pacnet Security Breach
Posted on May 20, 2015
2 min read
Last month Telstra finalised its acquisition of Pacnet Limited, a company that provides connectivity, managed services and data centre services to carriers, multinational corporations and governments in the Asia-Pacific region.
Shortly after we completed the acquisition, we were advised that the corporate IT network of Pacnet – essentially the email and other business management systems – had been accessed by an unauthorised third party.
We took immediate action to investigate and respond to the breach. This included sending Telstra security experts to Hong Kong to conduct a detailed assessment of Pacnet’s network security and engaging an expert external incident response team to assist with our monitoring and protective measures.
Our investigation found that a third party had gained initial access to Pacnet’s corporate network through a SQL vulnerability that enabled malicious software to be uploaded to the network and ultimately led to the theft of admin and user credentials.
We immediately addressed the security vulnerability that allowed access to the network, removed all known malicious software and put in place additional monitoring and incident response capabilities that we routinely apply to all of our networks.
We also ran indicator of compromise checks across all of the Pacnet corporate IT network computers, both servers and workstations.
Importantly, the Pacnet corporate IT network remains isolated from Telstra and there has been no evidence of any activity on Telstra’s networks.
We have no evidence that information was stolen from the network. Now that we understand the nature of the breach and have taken steps to address it we are talking to our Pacnet customers and staff to let them know what occurred and what we have done in response.
While we will look into who was behind the breach we may never know as attribution is very difficult. We have not had any contact from the perpetrators nor do we know the reason behind this activity.
Our focus at this time is not on attribution. It is on working with our customers and staff to help them understand what has occurred.
Telstra’s commitment to our customers is to work diligently every day to keep their data safe and our networks secure.
Subscribe for the latest news