Just weeks after Optus disclosed that the data of 10 million users had been exposed in a data breach, its parent company, Singtel, is coping with two of its own data intrusions, according to The Guardian. Singtel acknowledged that information taken from Singtel in a 2020 cyber-attack appeared in a post on a data breach forum on Friday. The guy who threatened to publish Optus’s stolen data there last month was a member of the same community.
Singtel said that Accellion FTA, a file transfer program it utilized, has a zero-day vulnerability that had been used by hackers in late 2020 to steal Singtel files. When the hack was discovered in February of last year, the organization immediately stopped using the system and began analyzing what information might have been exposed. Singtel notified customers who were impacted, but the post on the site for data leaks is said to be the first time the data has allegedly been made public online.
After potentially the biggest hack Australia has ever seen, further breaches up the chain coming out of the woodwork from yesteryear is potentially even more damaging to the company. At a difficult time for Australian cybersecurity and privacy law, seemingly covered-up breaches are harmful to society and may impact trust in future laws and changes. In days gone by, it was quite normal to see cyberattacks pushed under the carpet and glossed over, but nowadays it has the reverse effect should they not be publicly announced.