::Trend Micro Threat Resource Center::

22 May 2015

Pacnet's corporate IT network breached, warns Telstra

Telstra has advised Pacnet customers, staff and regulators in relevant jurisdictions of a security breach that allowed third party access to Pacnet’s corporate IT network.

The breach occurred prior to Telstra taking ownership of Pacnet and Telstra was made aware of the breach on finalization of the purchase on 16 April 2015.

Group Executive of Global Enterprise Services Brendon Riley said Telstra had taken immediate action to protect the security of the network once it was informed of the breach.

“Our investigation found a third party had attained access to Pacnet’s corporate IT network, including email and other administrative systems, through a SQL vulnerability that enabled malicious software to be uploaded to the network,” Riley said.

“To protect against further activity we rectified the security vulnerabilities that allowed the unauthorized access. We have also put in place additional monitoring and incident response capabilities that we routinely apply to all of our networks.

“Now we have addressed the breach and understand its potential impacts we are in the process of advising our Pacnet customers worldwide of what occurred and reassuring them that we are now applying the same high level of security we apply to Telstra’s networks.”

The Pacnet corporate IT network is not connected to Telstra and there has been no evidence of any activity on Telstra’s networks.

Riley said there had been no contact from the perpetrators nor did Telstra know the reason for the breach.

“Our focus is not on attribution. Our focus is working with our customers to understand and minimize the impact to them and to give them confidence that we will apply Telstra’s very high security standards to the Pacnet IT network,” Riley said.

“Protecting the information of our customers and people is critically important to Telstra. We make significant investments in security capabilities and work around the clock globally to keep our customers’ data safe and our networks secure.”