The Australian Communications and Media Authority (ACMA) has given AAPT a formal warning for not adequately protecting its customers' personal information, which was leaked out in July last year through Melbourne IT.
In July 2012, hackers were able to exploit a vulnerability in an old version of Adobe's ColdFusion that had been running on a server hosted by Melbourne IT to obtain 40GB of AAPT customer data. AAPT said at the time that the data was historical and hadn't been used in over a year at that stage.
The ACMA commenced an investigation in that time, and today said that the data leaked contained personal information of AAPT's small business customers, and AAPT had failed to protect that information as required by the Telecommunications Consumer Protection (TCP) Code.
"Consumers need to have confidence that the personal information they give their provider is treated appropriately, and is only accessed by those authorised," ACMA chairman Chris Chapman said. "They also want to know that their details are stored securely with appropriate access restrictions."
The ACMA decided to only issue a formal warning because AAPT has since improved its processes and information management policies to comply with the code, and because the company acted so quickly to remedy the breach at the time.