Australian customers’ recorded private phone calls online


Breach Incidents, Business Sector, Exposure, Non-U.S. Add comments.

Jun 09 2013
Ben Grubb reports:

“This call may be recorded for training and quality purposes.” THIS PART IS SCARY IF YOUR CALLS ARE BEING RECORDED AND OR MONITORED BY THE GOVERNMENT WHAT ELSE COULD LEAK IT CERTAINLY APPEARS THAT OUR 4TH AMENDMENT IS IN QUESTION..FOR THAT MATTER WHAT EVER HAPPEN TO THE CONSTITUTION AND OUR BILL OF RIGHTS…OH THAT’S RIGHT IT GET MODIFED SO SUIT THE GOVERNEMENT.
And perhaps inadvertently uploaded to the internet if you’re a customer of a certain Australian telco.

Recorded voice contracts containing personally identifiable information between telco IF Telecom and its customers have been found online by an Australian security expert while performing a simple Google search.

The audio files found on the internet contain business managers confirming telephone contract agreements to an IF Telecom operator. Information read aloud during the calls by business customers includes their name and position, business name, date of birth, drivers’ licence number and expiry date, business street address and business telephone number.
Excel spreadsheets containing the same information were also uncovered by the security expert, who didn’t want to be named, while doing the same Google search. The audio files and spreadsheets were uncovered in a website directory that was not protected by a password and which Google had crawled and indexed for its search engine.

The files appeared to change often, indicating that perhaps only recent ones were kept in the public folder.

On Thursday afternoon, about eight of IF Telecom’s recent voice contracts were listed in the folder.

IF Telecom operations manager Nick Holden told Fairfax Media on Thursday that the telco wasn’t aware of the voice contracts being accessible on the public internet and thanked Fairfax for referring it to the breach.

“We’re going to launch an investigation and we’re going to take the site down immediately,” Mr Holden said.

Shortly after commenting, the directory containing the files was removed from the company’s website.

Mr Holden said that the files were uploaded to an FTP server that the company believed was secure.

“We’ve got an FTP site; it’s password protected. So no, we weren’t aware that this could happen,” he said.

“That’s all I can say at the moment.”

Tags: , , , , , ,

Comments are closed.

%d bloggers like this: