AAPT confirms data breach

Powered by SC Magazine
 

Anonymous' victim ISP revealed.

AAPT has confirmed a breach of systems held at an external service provider that saw some of the telco's "business customer data" compromised.

The telco told iTnews this morning that it was investigating a potential data breach, after hacking group Anonymous threatened to release 40 GB of data from an Australian internet service provider.

Some 3.5 GB of data is alleged to be from AAPT.

"It was brought to our attention by our service provider, Melbourne IT, at approximately 9.30pm last night that there had been a security incident and unauthorised access to some AAPT business customer data stored on servers at Melbourne IT," the telco said in a statement.

"AAPT immediately instructed Melbourne IT to shut down the servers when we were notified of the incident."

Anonymous had threatened earlier this week to release the data but was reportedly working to minimise potential harm to individual customers.

The compromised data is suspected to be a 40 GB backup of an Adobe ColdFusion database, accessed through a well-known vulnerability.

AAPT, which primarily serves business customers after selling its residential base to iiNet for $60 million in 2010, said that preliminary investigation indicated two "historic" data files with "limited personal customer information" had been compromised.

"Further, the servers on which the files were stored have not been used or connected to AAPT for at least 12 months," the company said.

iTnews has since confirmed an older version of AAPT's business website ran on ColdFusion. Newer pages do not appear to be based on the same systems.

iiNet chief regulatory officer Steve Dalby said the company had found no link between the residential customer information acquired from AAPT and that compromised by the breach this week.

"iiNet understands the possible breach by Anonymous group of Melbourne IT systems and access to AAPT business customer data does not relate to the residential customers we acquired from AAPT in 2010," he said in a statement.

Material from the breach has been uploaded to the web, according to online chat logs from the group. However, this could not be independently confirmed by iTnews at the time of publication.

The threatened release of data appears to be in protest against Australia's proposed data retention regime, which would require ISPs to collect and hold transmission data from their users for up to two years.

One hacker told iTnews' sister publication SC Magazine that the data was stolen "to prove a lack of security at ISPs and telcos to properly protect the information" that would be stored under the Federal Government's data retention draft policies.

"We are undertaking a thorough investigation into the incident with Melbourne IT and the relevant authorities to establish exactly the type and extent of data that has been compromised, how the security incident happened and what further measures are required to prevent any future incidents," AAPT said.

"AAPT will be contacting any impacted customers as soon as possible."

Anonymous earlier hinted that AAPT was the provider in question on Twitter: "Apparently rumors are spreading much already. Let us point the attention to this link: en.wikipedia.org/wiki/AAPT #OpAustralia" it tweeted.

More to come...

Copyright © iTnews.com.au . All rights reserved.

