TPG Telecom is currently investigating a cyber incident involving unauthorised access to an iiNet order management system. The ASX-listed company believes the breach, which occurred on August 16, was gained using stolen employee credentials. TPG Telecom is a telecommunications company providing mobile and fixed broadband services to consumers, businesses, and wholesale customers. iiNet is one of Australia’s largest internet service providers and a subsidiary of TPG Telecom.
According to TPG Telecom’s preliminary analysis, the breach appears to be isolated to the iiNet order management system. This system handles broadband orders and contains some customer data. The compromised data may include approximately 280,000 active email addresses, 20,000 landline numbers, 10,000 user names with associated addresses, and 1,700 modem setup passwords.
Importantly, TPG Telecom has stated that no identity documents, credit card details, or banking information were involved in the cyber incident. Upon discovering the breach, TPG Telecom engaged cybersecurity experts to investigate the incident and contain the damage. The company is also in the process of notifying affected customers of the potential data breach and providing guidance on how to protect their information.
TPG Telecom is collaborating with Australian authorities, including the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC), to address the cyber incident. The company has stated that there is currently no evidence to suggest that other systems or customers have been impacted by this breach.
