Employee data breach: what you need to know

You may have seen media reports about a data breach involving Telstra employee data. We wanted to let you know what happened.

· 04 October 2022 · 3 minute read

You may have seen media reports about a data breach involving Telstra employee data. We wanted to let you know what happened.

First things first: There has been no breach of Telstra’s systems. And no customer account data was involved.

Unfortunately, these types of events are not uncommon and, given the interconnected world that we live, one event can impact many organisations.

What happened?

Here are the facts.

Information obtained as a result of a data breach at a third-party supplier, was posted on the internet. The supplier previously provided a now-obsolete Telstra employee rewards program.

Critically, there was no breach of any Telstra systems, and no customer account information was stored on the third-party platform.

The data that was posted was from 2017, and was basic in nature. Only names (first and last) and email addresses used to sign up to the employee rewards program were impacted.

We have also learned the breach was not specific to Telstra, and several other companies have also been affected.

When did we find out?

We became aware of this event last week, and notified our team soon after.

We’ve already let our current team members know and while the risk is low for former employees, we will try to contact them.

Which platform was breached?

It was a third-party platform called Work Life NAB that is no longer live. It was used by several other organisations and not limited to Telstra.

It was run by Pegasus Group Australia, which is a subsidiary of MyRewards International Ltd.

What happens next?

Cyber security is a team sport and we will continue working with the third party to determine how this happened and understand any additional impacts that may arise.

We’ll post any important updates here, and to our Twitter and Facebook pages should the situation change

By Narelle Devine

Chief Information Security Officer, Asia Pacific

Narelle has a diverse background having worked across the military, government and corporate sectors. Narelle began her career in the Royal Australian Navy before joining the Australian Government’s Department of Human Services as Chief Information Security Officer. In June 2020 Narelle joined Telstra as the Chief Information Security Officer Asia Pacific. Narelle is responsible for the company’s cyber security operations, intelligence, risk, governance, compliance, development and engagement. Narelle holds a Bachelor of Arts in Information Systems and English, a Master of Science in Information Technology and a Master of Systems Engineering. In addition to her love of cyber operations she is passionate about workplace culture, diversity, training and recruitment and is a current member of the RSAC Advisory Board and the AISA Executive Advisory Board.