Internet service provider AAPT has been issued a formal warning by the Australian Communications and Media Authority (ACMA), following an investigation into a data breach in July 2012 which hacktivist group Anonymous claimed credit for.According to ACMA, the ISP failed to protect the privacy of some of its small business customers’ personal information from unauthorised use or disclosure as required by the Telecommunications Consumer Protections (TCP) Code.The consumer watch dog’s investigation found that billing and related personal information was stored in an offsite server managed by a third party, and was the subject of a hacking incident.At the time, Anonymous had threatened to release 40GB of data from an ISP in protest over the Australian government’s proposed data retention laws–which could mean every Internet users’ entire Web history was logged and stored for up to two years. Anonymous also posted a message on its Par:AnoIA Twitter account which read:“Apparently rumors are spreading much already. Let us point the attention to this link: https://en.wikipedia.org/wiki/AAPT.” AAPT CEO David Yuile said at the time that two files were compromised and the data was historic, with limited personal customer information.In November 2012 he told Computerworld Australia that the company had undertaken a review of its data retention policy.“The review included a full assessment of where our data is kept and we’ve moved all of that data inside the AAPT network,” Yuile said.According to ACMA chairman Chris Chapman, the formal warning was issued because Australian consumers need to have confidence that the personal information they give to their provider is treated appropriately and only accessed by authorised personnel.“They also want to know that their details are stored securely with appropriate access restrictions,” he said in a statement.Chapman added that since the incident last year, AAPT had taken steps to improve its processes and staff awareness of the provider’s policies about information management and privacy to comply with the privacy requirements in the TCP Code. “Given the prompt action taken by AAPT to remedy the breach, the ACMA considers a formal warning is appropriate in the circumstances,” he said.Follow Hamish Barwick on Twitter: @HamishBarwickFollow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe