Australia’s three major telcos have moved to reassure customers after it was alleged that corrupt insiders in offshore call centres were selling customer details.
Fairfax reported this week that details of Telstra, Optus and Vodafone customers could be bought from an Indian firm for between $350 and $1000, more if the customer was a celebrity or well-known.
The revelation left the telcos scrambling to reassure customers that their personal information was safe.
“Customer privacy is critically important,” Telstra CEO Andy Penn told an investor day briefing.
“We have no involvement or engagement with the organisation that has been purported to be selling customer information.
“We have very strong controls around privacy in all of our call centres. It’s something we take very seriously.
“We have very clear service standards with our external providers and very clear processes internally. There’s very clear guidelines for dealing with customer information.”
Vodafone Australia provided an extensive statement in response to questions from customers on Twitter.
“Our customers should have full confidence that their account details are secure,” it said.
“However, any potential privacy breach is investigated by a specialist team and if we are aware of any serious criminal conduct, we will report the incident to the relevant authorities.
“Vodafone operates a call centre in Hobart which is supported by a call centre in India.
“All our contact centres are subject to the same strict security policies, controls and technologies.”
An Optus spokesperson said it took the protection of customer data and privacy seriously.
"Employees who handle customer data receive regular training about their information security obligations and how to identify fraudulent behaviour," an Optus spokesperson said.
"To minimise the risk of fraudulent behaviour, call centre staff are unable to use recording devices, phones, pens or paper at their workstations.
"Optus also regularly monitors activities of staff working in our call centres.
"Our call centre operators do not have access to any platforms or systems that would provide visibility of information like the contents of customer phone calls, text messages or emails.”
The Australian Federal Police (AFP) said its cybercrime investigators had “met and corresponded with Vodafone and Optus” following the reports.
“The AFP subsequently provided information to Indian authorities for them to progress.”
Australian Information and Privacy Commissioner, Timothy Pilgrim, said he was “concerned” by the reports of customer information being offered for sale.
“My office is making enquiries with Optus, Telstra and Vodafone to determine what further action I may take in this matter,” Pilgrim said.
“These allegations, and the community response they have generated, are a reminder that Australian customers expect businesses to handle their personal information in line with Australian law no matter where they operate.”