Telstra and NAB have been stung by a data breach of a rewards platform, with names and email addresses of their current and former staff posted online.
The companies said on Tuesday their internal systems had not been hacked, instead the information of their employees had been stolen from a platform called Pegasus, which provides rewards programs for businesses.
The names and email addresses of about 30,000 current and former employees were published on the Dark Web.Credit:Craig Sillitoe
“We’ve been made aware of a data breach affecting a third party that included limited Telstra employee information from 2017,” a Telstra spokesman said. “To be clear, it was not a breach of any Telstra systems.”
“No customer account information was included. We believe it’s been made available now in an attempt to profit from the Optus breach.”
The Telstra data, covering 30,000 employees, was from 2017 and published on the same forum that published the Optus customer data last week. Meanwhile, the National Australia Bank said the names and email addresses of a number of employees had been exposed, but stressed it was not due to a breach of any NAB systems.
“None of our customers’ banking or financial information has been breached or compromised,” he said. “The data released is five years old and is very basic, such as names and emails and we believe there is minimal risk.”
My Rewards International, which owns Pegasus Group Australia, said the platform was independent and not linked to the current program offered by the company.
Loading
Sources familiar with the breach said the names and email addresses of up to 72,000 current and former employees across 15 companies that used the platform were taken by an unauthorised person back in 2017, but that most of these individuals used their business emails to access the platform and were no longer current employees. The data, which was stolen five years ago, was only recently made public on the internet.