Optus, the second largest telecommunications provider in Australia, is investigating a data breach after customer data was leaked onto Freelancer.com.
Australian news site Crikey reports that the breach occurred when an employee of the debt collection firm Arc Mercantile posted a spreadsheet containing the personal information of customers who owed Optus money to Freelancer.com. Arc Mercantile, Crikey writes, was hoping to hire someone who could analyze the data. The spreadsheet is said to have contained the names, email addresses, physical addresses, dates of birth, phone numbers, and history of debt collection of 31,150 Optus customers. In total, the spreadsheet was accessed 51 times before Freelancer.com took the posting down for violating its terms and conditions.
"Optus takes the protection of customer data and privacy seriously," an Optus spokeswoman told ZDNet in a statement. "Optus has become aware that an employee of a third-party supplier posted a document containing customer data to a public website. This action was unauthorised by Optus and its supplier, ARC."
The spokeswoman went on to state that Optus is currently conducting a full investigation of the incident, that ARC Mercantile is cooperating with Optus in undertaking due diligence, and that Optus has reported the breach to the relevant authorities. One of the parties voluntarily notified by Optus was The Office of the Australian Information Commissioner (OAIC), which has applauded the Australian telecommunications provider for its actions:
"The OAIC has since been in contact with ARC Mercantile and Optus about this incident," a statement from the OAIC reads. "We are pleased to see that Optus has notified affected individuals about this incident. Notification can be an important mitigation strategy that has the potential to benefit both the organisation and the individuals affected by a data breach. The OAIC strongly encourages notification in appropriate circumstances as part of good privacy practice."
This news follows just months after Optus agreed to an independent review of its security systems after suffering three separate data breaches between 2008 and 2013.
