Telecom data breach prompts warning

Alan Gourdie. Photo / Dean Purcell

The office of the Privacy Commissioner has cautioned businesses against using confidentiality deals as "window dressing" as it investigates a major security breach which allowed a rival access to personal details of every Telecom customer.

Power Marketing, a marketing company working for Slingshot, has been accused of accessing the telco's Wireline database, which contains customers' personal information, including the plans customers were signed up to and how much they paid for them.

Assistant Privacy Commissioner Katrine Evans said the office was working closely with Telecom to determine how the breach came about and would conduct its own inquiries, outside of its talks with Telecom. It would report the matter to police if necessary.

Evans said any business that used a contractor or outsourced work had a duty to ensure confidentiality agreements were in place and were not merely "window dressing" for a firm.

"Customers can take certain steps to protect themselves, but often with this kind of thing you are relying on businesses to get it right."

She hoped to have a clearer picture of the situation by the end of the week.

Meanwhile, Telecom reassured customers yesterday that it took protection of its customers' personal information seriously and had security policies and practices to prevent misuse.

"If our investigation confirms unauthorised access we will pursue all appropriate action," Telecom Retail chief executive Alan Gourdie said.

He said the system did not give access to credit details or calling histories and the account used to access Wireline was deactivated on Friday.

Contact Centre consultant Megan Lacy of Lacy Consulting said she was appalled at the breach, which she said gave the telemarketing and outsourcing industry a bad rap.

"If I was Telecom I'd be fuming."

CallPlus chief executive Mark Callender - who oversees Slingshot - did not respond to phone calls yesterday, although he has previously said he would meet Power Marketing owner Paul Ross to discuss the breach.

Lacy said she was familiar with Wireline and it was possible a former Telecom staff member had left the dealership, taken their knowledge and login details for the system to Power Marketing and used it to their advantage. "That's the nature of outsourcing companies. It's all about targets."

Katherine Hall of telecommunications' lobby group Tuanz said it didn't reflect well on the industry.

"Having two large providers arguing in public about the potential misuse of customers' private information is bad for both parties and bad for the industry as a whole.

"We would hope the Privacy Commissioner would look at this issue closely and that all the parties involved adopt any and all recommendations that come out of the investigation."