Vodafone has yet to confirm or deny the breach occurred pending the outcome of an internal security audit. It is alleged that database log-in information was leaked by a staff member or dealer to criminals who intended to use the records, which included names, addresses and phone records, for blackmail.
Rival telcos did not reveal their security arrangements, which they feel would invite attacks, but ZDNet Australia understands that multi-layered architectures protect customer details from unauthorised use by stores, dealers and operators. At least one telco uses two-factor authentication and wastes no time in removing defunct staff accounts.
Although the telcos were tight-lipped on details, Optus did say that even being confident in its security, it is not taking any chances and has already ordered a security audit of its customer database.
"While Optus believes the customer information it holds is adequately protected, we are conducting a review of our systems and processes to ensure our customers' information is secure, following reports [of the breach]," the company said.
Optus also said that access to customer information was on a need-to-know basis.
"For security reasons we do not share details of how authorised personnel access customer databases. However, customers can be assured that only authorised Optus personnel and sales agents have access to our customer management systems and customer information is accessible on a limited and need-to-know basis which is managed under strict processes and protocols."
The telco said its sales databases hold "limited information" and do not store customer financial or call records.
Telstra runs regular reviews into its security arrangements, according to the company.
"We have an extensive and comprehensive security system which reflects priority on protecting customer details," Telstra spokesperson Karina Keisler said. "We have a multi-layered system which ensures the best protection, but given the constant changing nature of technology, we see it as our duty to continually review systems — you can never sit still."
Vodafone may face legal action over the breach if law firm Piper Alderman includes the matter in its planned class action lawsuit over the quality of the telco's 3G mobile service.
The Australian Privacy Commissioner is also eyeing the breach.