Asian Telecom Firm Pacnet Was Hacked While the Company Was Being Sold

About two weeks before Australian communications provider Telstra completed an acquisition of Asian undersea cable company Pacnet, an attacker broke into Pacnet’s corporate network.

The hacker used a so-called SQL injection, a computer program that take advantage of security vulnerabilities in software and can allow intruders to steal data.

“We know they had access to the network,” Mike Burgess, Telstra’s chief information security officer, said on May 20. “We don’t know what they took, we don’t know where they went in terms of information sources and that’s why we took the decision to inform all our customers.”

The incursion likely was limited to Pacnet’s internal email and back-office systems. There is no evidence any customer data was taken.

Pacnet’s clients include large multinational companies and government agencies, such as the Australian Federal Police.

According to the Australian Financial Review, Telstra was not told of the breach until after the deal was completed on April 16.

Pacnet is one of the few Western telecommunications providers to have its data centers in China, AFR reports. There is no indication that the attackers were Chinese or even backed by a government.