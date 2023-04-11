TPG Telecom is in the midst of a “full-scale” internal review of its customer data “handling, storage and purging” practices.

The telco disclosed the in-train review in brief commentary around its cyber security posture in its latest sustainability report [pdf].

“We initiated a full-scale internal review over all aspects of customer data handling, storage and purging,” TPG Telecom said.

“We want to request only the data that we absolutely need, securely store it only for as long as we need to, and then securely purge the data as soon as possible.

“Findings from this review will help inform improvements in our internal processes, as needed.”

The trigger point for the review wasn’t immediately clear; TPG Telecom said it was a response to the “discovery” of an issue, which appears to be either related to ongoing hybrid work arrangements and the potential risks to data the model posed, or to last year’s breach of hosted Exchange services.

On the hybrid work side, TPG Telecom said it had “increased remote monitoring of employee access and activities, while also introducing procedural changes that strengthened our control environment.”

“Increased awareness and training events were also delivered to employees focusing on security, privacy and fraud,” it said.

On the breach side, TPG Telecom - or, more precisely, its iiNet and Westnet retail brands - experienced a cyber security issue at the end of last year where its hosted Exchange services were targeted.

The telco did not offer further details on the incident, saying only that “we continue to strengthen our security processes and capabilities to keep up with evolving security threats so we can help protect customer data from unauthorised use, access, modification, or disclosure.”

More broadly, data collection and handling practices are a hot topic of discussion following on from a series of high-profile data breaches where historical data and personally-identifiable information dating back years was exfiltrated by attackers.