TPG Telecom, an Australian telecommunications company, disclosed a data breach targeting its iiNet order management system. This incident, discovered on Saturday, August 16, involved unauthorized access using stolen employee credentials and resulted in the exfiltration of customer data.
The initial statement released to the Australian Securities Exchange confirmed the ongoing investigation into the breach. The compromised system is an internal tool used within the iiNet brand for creating, managing, and tracking customer service orders. TPG Telecom characterized the attack as “limited,” emphasizing that the breached system does not store extensive data.
Despite this characterization, the compromised data includes a substantial amount of sensitive customer information: 280,000 active iiNet email addresses, around 20,000 active iiNet landline phone numbers, and around 10,000 iiNet user names, street addresses, and phone numbers. Additionally, approximately 1,700 modem set-up passwords were stolen during the incident.
TPG Telecom clarified the types of data not compromised in the breach. The iiNet order management system does not contain copies or details of identity documents, nor does it store credit card or banking information. Even so, the stolen information can trigger a wave of highly convincing phishing emails, voice scams, and malware/ransomware deployments through vulnerable modems. Phishing emails can lead to the compromise of banking accounts, social media accounts, and other services, and could result in identity theft, wire fraud, and more.
In a public statement, TPG Telecom addressed the affected iiNet customers. “We unreservedly apologise to our iiNet customers impacted by this incident,” stated TPG Telecom in the announcement. The company outlined plans to communicate directly with both affected and unaffected customers.
TPG Telecom committed to informing impacted iiNet customers of necessary actions and offering assistance. The company also intends to contact all non-impacted iiNet subscribers to verify that their data was not compromised during the cyberattack. Currently, there is no evidence of abuse in the wild.