This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

Telstra

Summary

Telstra suffered a mailing list error that resulted in approximately 60,300 letters being sent to incorrect addresses, exposing customer names, telephone plans and phone numbers to unauthorised recipients. The breach was particularly serious as it included 15,400 customers with silent lines (unlisted numbers) who had specifically paid for privacy protections.

What Happened

In October 2010, Telstra prepared a mass mailing to customers explaining new pricing charges. Due to a mailing list error, approximately 60,300 letters were addressed incorrectly, causing them to be delivered to the wrong customers. Each incorrectly addressed letter contained the customer name, telephone plan and phone number of a different Telstra customer.

Initial reports suggested 220,000 customers were affected, but Telstra's internal investigation revealed the actual number was 60,300 incorrectly addressed letters. Of these, 15,400 letters were returned to the mail house unopened, though the remaining letters reached unintended recipients.

The breach was discovered when customers began contacting Telstra to report receiving letters containing other people's personal information. Telstra immediately notified the Australian Communications and Media Authority and the Office of the Privacy Commissioner, launching a joint investigation.

Impact on Individuals

The breach had particularly serious consequences for customers with silent lines:

  • Silent line privacy breach: 15,400 customers with unlisted numbers had their phone numbers exposed, defeating the purpose of a privacy service they had specifically paid for
  • Targeted harassment risk: Silent line customers often seek unlisted numbers to avoid harassment, stalking or unwanted contact from specific individuals
  • Safety concerns: Some customers use silent lines for safety reasons, such as escaping domestic violence or stalking situations
  • Trust violation: Customers who paid for privacy protections found those safeguards compromised through administrative error
  • Telemarketing exposure: All affected customers faced increased risks of unwanted calls and marketing

For customers with publicly listed numbers, the exposure was less severe but still represented a privacy breach as their information was disclosed to unintended recipients.

Organisational Response

Telstra prioritised contacting affected customers with silent lines, attempting to reach them by phone first before proceeding to contact all potentially affected customers. The company cooperated fully with investigations by both the Australian Communications and Media Authority and the Privacy Commissioner's Office.

The Privacy Commissioner concluded that Telstra had breached National Privacy Principle 2 by disclosing the personal information of some customers to unauthorised third parties. However, the Commissioner decided to cease the investigation on the grounds that Telstra had adequately dealt with the matter by promptly notifying affected customers and implementing measures to prevent similar incidents.

This incident occurred alongside other Telstra privacy breaches in 2010, where two separate incidents earlier in the year exposed the details of approximately 4,000 additional customers, demonstrating ongoing challenges with customer data protection at the telecommunications provider.

Verification Source: View original statement