Share and Follow
Hundreds of thousands of customers of Australia’s second-largest internet provider have had their email addresses or phone numbers compromised in a cyber attack.
A list of about 280,000 active email addresses and roughly 20,000 active landline phone numbers were extracted from iiNet’s order management system, parent company TPG said.
Another 10,000-odd iiNet user names, street addresses and phone numbers and about 1,700 modem set-up passwords were also believed to have been accessed by an unknown third party.
The third party gained access to its system after stealing account credentials from an employee, early investigations suggest.
The hack was confirmed on Saturday but TPG did not notify iiNet customers or its shareholders until Tuesday morning.
“We unreservedly apologise to our iiNet customers impacted by this incident,” TPG said in a statement to the Australian Securities Exchange.
“We will be taking immediate steps to contact impacted iiNet customers, advise of any actions they should take and offer our assistance.
“We will also contact all non-impacted iiNet customers to confirm they have not been affected.”
The system caught up in the data breach is used to track iiNet orders such as broadband connections.
No credit cards, banking details or customer ID documents such as passports or driver’s licences were exposed as that information was not held in the system, the company said.
The telco has removed the unauthorised access from its system and hired external IT and cybersecurity experts to help in its response.
It is also liaising with the Australian Cyber Security Centre, the National Office of Cyber Security, the Office of the Australian Information Commissioner and other relevant authorities.
“We do not currently have any evidence to suggest an impact to our broader systems or other customers,” TPG said.
TPG Telecom Group holds the second largest share of Australia’s internet market, with TPG, Vodafone, iiNet and Internode among its stable.
