Australian Telecommunications company AAPT has confirmed a breach of its systems that resulted in some of its business customer data compromised.
According to iTnews, the company said that it was investigating the potential data breach after Anonymous threatened to release 40GB of data from an Australian internet service provider. It said that 3.5GB of data is alleged to be from AAPT.
The hacker said that the data was stolen "to prove a lack of security at ISPs and telcos to properly protect the information", which would be stored under the Federal Government's data retention draft policies.
An AAPT statement said: “It was brought to our attention by our service provider, Melbourne IT, at approximately 9.30pm (EST) last night that there had been a security incident and unauthorised access to some AAPT business customer data stored on servers at Melbourne IT. AAPT immediately instructed Melbourne IT to shut down the servers when we were notified of the incident.”
The compromised data is suspected to be a 40GB backup of an Adobe Cold Fusion database, accessed through a well-known vulnerability.
AAPT said that the servers that the files were stored on had not been used or connected for at least 12 months, although it remained unclear whether the compromised data files had also included information relating to AAPT's residential customer base prior to acquisition by iiNet. AAPT primarily serves business customers after selling its residential base to iiNet for $60 million in 2010.
AAPT said that its preliminary investigation indicated two ‘historic' data files with "limited personal customer information" had been compromised.
“We are undertaking a thorough investigation into the incident with Melbourne IT and the relevant authorities to establish exactly the type and extent of data that has been compromised, how the security incident happened and what further measures are required to prevent any future incidents,” AAPT said.
“AAPT will be contacting any impacted customers as soon as possible.”