๐Ÿ”’breach.co.nz ยท the NZ & Australia breach register ๐Ÿ›ก๏ธ A Govern service
Register โ€บ ๐Ÿ‡ฆ๐Ÿ‡บ AU โ€บ Telco
Telco sector ยท leaderboard
Own the Telco leaderboard
The top banner across the Telco overview and every Telco record โ€” one advertiser, exclusively.
Own this leaderboard โ†’ breach@govern.co.nz

Telstra (unlisted-number disclosure)

๐Ÿ‡ฆ๐Ÿ‡บ Australia ยท Telstra Corporation Limited ยท Record AU-2022-1215
โ— Confirmed
People affected
132,000 (approx)
Breach date
2022-12
Regulator
ACMA (regulator action)
Trust tier
A ยท Confirmed

Data exposed

Names, addresses and phone numbers of customers who had paid for unlisted (silent) numbers โ€” inadvertently published in the public directory Confirmed

Confidence: Confirmed = regulator/court ยท Company-confirmed = the organisation's own disclosure ยท Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In December 2022 Telstra inadvertently published the names, addresses and phone numbers of about 132,000 customers who had paid to keep their numbers unlisted, through a database misalignment rather than a cyber attack [tel-acs]. The communications regulator, the ACMA, later confirmed formal regulator action over the disclosure of thousands of unlisted numbers [tel-acma].

Current status

Resolved with regulator action. This was an internal error, not a hack; the ~132,000 figure is as reported, and the ACMA has confirmed the unlisted-number disclosure [tel-acs], [tel-acma].

Why it matters

People pay for silent numbers precisely to stay unfindable โ€” often for safety reasons โ€” so publishing them is a real, targeted harm even without an attacker involved.

GGOVERN Tabletop Exercises ยท Govern house Strengthen your cyber resilience โ€” rehearse the decisions that matter. Book a Discovery Call โ†’