Second Biggest Aussie Telecom Cops to Several Humongo Privacy Breaches

The first incident occurred in February 2013, when telco Optus made an error on its website, exposing confidential data on 122,000.

What happened was that Optus customers who completed a rate plan change via the website had their White Pages listing preference incorrectly changed from No to Yes. 

The second incident created vulnerabilities in Netgear and Cisco modems after Optus left the management ports for these models open. The telco had mistakenly assumed they were only accessible for network management purposes. “Optus also issued 197,000 of the Netgear modems and 111,000 of the Cisco modems to its customers with factory default settings, including user default names and passwords in place,” the Australian reports.

The third incident took place between September 2013 and May13, 2014, when a flaw in Optus’s security processes led to some customer voicemail accounts not being password protected.  This meant an unauthorized party could potentially access and use customer voicemail messages.

Affected customers were notified in 2014.