Undersea cable company Pacnet, recently acquired by Australian telecommunications giant Telstra, confirmed today that it has been the victim of a cyberattack targeting its email and administration systems and potentially exposing sensitive data of thousands of business and government customers.
Telstra said that an unauthorised third party had been able to gain access to the Pacnet business management systems through a malicious software installed via a vulnerability on an SQL server. The hack had taken place just weeks before Telstra acquired the Asian internet service provider for $550mn (approx. £350mn) on 16th April this year. The telecom company confirmed that it had not been aware of the hack when it signed the deal in December 2014.
According to Telstra it is still unclear whether personal information of Pacnet customers had been exposed to theft, but it did suggest that had it been the intent of those behind the attack the opportunity was certainly there.
“We have no evidence that data was taken from the Pacnet corporate network,” said Mike Burgess, corporate security and investigation CIO at Telstra.
“Whilst we will look into who was behind the breach we may never know as attribution is very difficult. We have not had any contact from the perpetrators nor do we know the reason behind this activity,” he added.
Telstra revealed that the Australian Federal Police had been among the Pacnet client list, but has refused to provide comment on any of the other affected accounts.
Pacnet, a Hong Kong and Singapore-based company, owns approximately 28,000 miles of submarine fibre networks in the Asia Pacific region and provides internet protocol virtual private network (VPN) services in China.
The acquisition has enabled Telstra to break into the rapidly growing Chinese network management industry, spurred by demand for cloud computing services and remote access to corporate email systems and servers.