Investigations by iiNet and WA Police into the alleged breach of a Westnet database in 2015 have come up empty handed, concluding there is “no evidence of an unauthorised intrusion”.
The findings were made public by the Office of the Australian Information Commissioner (OAIC), which launched its own investigation into the alleged breach in the days after claims emerged in June 2015.
An unknown hacker claimed to have accessed customer data and unencrypted passwords, and was offering them for sale via an online forum. No proof was offered at the time.
In response, Westnet owner iiNet advised customers to change their passwords as a precaution and pulled the system offline immediately following the news reports.
The Australian Privacy Commissioner Timothy Pilgrim said in a statement today that no evidence of a breach had been found in the years since.
“iiNet confirmed that its own and WA police investigations had found no evidence of an unauthorised intrusion into the Westnet database,” Pilgrim said in a statement.
He said the ISP also migrated the account details held in the database “to another system where customer password details are stored with encryption”, and had undertaken “a review of all iiNet’s customer databases and confirmed that all customer passwords are stored in an encrypted form”.
Pilgrim said he believed the matter had been “adequately dealt with” by iiNet, warranting no further action.