TPG Telecom Cyber Incident Exposes Thousands of Customers’ Data Through iiNet Breach in Australia
Published
- Breach confirmed: Australia's TPG Telecom confirmed being targeted by a breach that compromised sensitive customer data.
- Unauthorized access: Attackers gained access to an order management system under the company’s iiNet subsidiary systems.
- What was exposed: Hackers accessed around 280,000 active email addresses and approximately 20,000 active landline phone numbers.
Australia's second-largest internet service provider, TPG Telecom, confirmed on Tuesday a significant cyber incident affecting its iiNet subsidiary systems. The breach involved unauthorized access to an order management system, compromising sensitive customer information.
Breach Scope and Compromised Data
The iiNet data breach resulted in the extraction of substantial customer information from the telecommunications provider's systems. According to official reports cited by Reuters, attackers accessed:
- approximately 280,000 active email addressesÂ
- around 20,000 active landline phone numbersÂ
- 10,000 iiNet usernames and:
- street addressesÂ
- phone numbers
- about 1,700 modem set-up passwords
The compromised order management system, acquired by TPG Telecom in 2020, serves as a critical software tool for tracking customer service orders, including broadband connections and related telecommunications services.Â
While the data breach exposed significant personal information, company officials confirmed that the system does not contain identity documents, cards, or banking information, potentially limiting the scope of financial exposure for affected customers.
Investigation and Response Protocol
TPG Telecom's cybersecurity measures were immediately activated, the breach was contained, and third-party access was removed over the weekend.Â
Early investigations suggest that hackers gained access to the system via stolen employee account credentials, as recently reported by ABC Australia, indicating a targeted attack vector commonly exploited by cybercriminal organizations.
Current assessments indicate no impact on broader TPG Telecom systems, suggesting the attack remained isolated to the iiNet infrastructure.
This incident highlights the growing cybersecurity challenges faced by the telecommunications sector, where customer data security remains a top priority for service providers managing extensive databases of personal information across their operational networks.
In July, SK Telecom suffered a data breach, while AT&T Inc., Verizon, and Lumen Technologies have also been targeted by cyberattacks. Third-party CRMs have recently been targeted in a wave of social engineering attacks, including the Clorox and Cognizant case and the Salesforce-related campaigns.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular