Sensis has blamed carrier partners for a privacy breach that led to it exposing around 230 unlisted phone numbers on the White Pages, a number of which remained on the website up to a week after the issue was uncovered.
Last week, iTnews reported that at least 230 unlisted numbers, including 80 residential customers and 150 business customers, had been published inadvertently in the White Pages.
Sensis pulled the unlisted residential numbers within a day of being notified of the breach. However, silent business listings remained on the website up to a week later.
For residential customers, the word “unlisted” was substituted for a customer’s surname, with their first name or initials still listed in many cases, alongside a phone number and home address.
With business customers, the listings appeared with the word “unlisted” in place of the first word in the name of the business. For example, Alia College in Melbourne’s inner-eastern suburbs was listed under the name “Unlisted College”.
While the listings didn’t appear under a search for the name of the customer’s account, the unlisted numbers could be found by searching for the name “unlisted” in the White Pages online directory, along with a state or suburb.
When questioned on the delay in removing the silent numbers, a Sensis spokesperson said it was up to each carrier to ensure they provide an accurate list of information that excludes any silent numbers.
“Sensis prefers not to edit a listing without being asked to do so by a customer or a carrier. Our listings are currently up to date in terms of all customer and carrier requests,” the Sensis spokesperson said.
The unlisted business numbers have since been removed from the directory.
A spokesperson for Telstra declined to disclose which of its wholesale customers was responsible for the alleged privacy breach, citing “contractual obligations”.
Acting Australian Information Commissioner Timothy Pilgrim told iTnews that while he had not received any formal complaints about the matter, he was aware of it and was making enquiries.
“The OAIC investigates complaints and potential data breach incidents in accordance with its privacy regulatory action policy,” Pilgrim said.
“Any individuals who are concerned about how their personal information has been handled should raise their concerns with their telecommunications provider in the first instance.
“If they are not satisfied with how the provider addresses their concern, they can make a complaint to the OAIC.”