AAPT warned over Melbourne IT data breach

Summary:The Australian Communications and Media Authority has given AAPT a slap on the wrist for after 40GB of customer data was stolen in July 2012.

The Australian Communications and Media Authority (ACMA) has given AAPT a formal warning for not adequately protecting its customers' personal information, which was leaked out in July last year through Melbourne IT.

In July 2012 , hackers were able to exploit a vulnerability in an old version of Adobe's ColdFusion that had been running on a server hosted by Melbourne IT to obtain 40GB of AAPT customer data. AAPT said at the time that the data was historical and hadn't been used in over a year at that stage.

The ACMA commenced an investigation in that time, and today said that the data leaked contained personal information of AAPT's small business customers, and AAPT had failed to protect that information as required by the Telecommunications Consumer Protection (TCP) Code.

"Consumers need to have confidence that the personal information they give their provider is treated appropriately, and is only accessed by those authorised," ACMA chairman Chris Chapman said. "They also want to know that their details are stored securely with appropriate access restrictions."

The ACMA decided to only issue a formal warning because AAPT has since improved its processes and information management policies to comply with the code, and because the company acted so quickly to remedy the breach at the time.

Topics: Telcos, AAPT

About

Armed with a degree in Computer Science and a Masters in Journalism, Josh keeps a close eye on the telecommunications industry, the National Broadband Network, and all the goings on in government IT.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.