Australia's Telstra has advised Pacnet customers of a security breach allowing unauthorized access to the Hong Kong based ICT provider's corporate IT network.
The breach occurred prior to Telstra taking ownership of Pacnet in April, and Telstra was only made aware of the breach on finalization of the purchase.
The reason for the breach is unknown and there has been no contact with the perpetrators.
Telstra group executive of global enterprise services Brendon Riley said an investigation into the incident shows that a third party gained access to Pacnet's corporate IT network, including email and other admin systems, through exploiting an SQL vulnerability to inject malware.
“To protect against further activity we rectified the security vulnerabilities that allowed the unauthorised access. We have also put in place additional monitoring and incident response capabilities that we routinely apply to all of our networks,” he said.
“Now we have addressed the breach and understand its potential impacts we are in the process of advising our Pacnet customers worldwide of what occurred and reassuring them that we are now applying the same high level of security we apply to Telstra’s networks.”
At a media briefing, CISO Mike Burges said the company has no evidence that any data was extracted during the intrusion.
“We know that they had access to the network, [but] we don't what they took and where they went, in terms of information sources. That's why we took the decision to inform all of our customers so they can be aware of this issue,” he said.
Riley said Telstra's focus will be working with Pacnet customers to minimize the impact of the breach.