
TPG Telecom alerted the public to the iiNet cyber breach on Tuesday (19 August). Photo: James Coleman.
Internet provider iiNet has alerted the public that the sensitive information of thousands of customers appears to have been extracted from its system.
A media statement on Tuesday (19 August) outlined the unauthorised access by “an unknown third party” on Saturday (16 August), with external IT and cyber security experts called in to determine the full scope of accessed information.
Currently, it appears that a list of approximately 280,000 active iiNet email addresses and 20,000 active iiNet landline phone numbers was accessed, along with inactive email addresses and phone numbers.
About 10,000 iiNet user names, street addresses and phone numbers, and about 1700 modem set-up passwords also appeared to have been taken.
“We unreservedly apologise to the iiNet customers impacted by this incident,” TPG Telecom chief executive officer Inaki Berroeta said.
“We are continuing our investigations to ensure we understand all details surrounding this incident. We will begin contacting customers to make them aware of the incident, apologise and provide details on the support available.”
The company confirmed no credit, banking or financial information had been compromised. No driver’s licence numbers, ID documentation details or bank account details were disclosed either.
The media statement outlined that it appeared the breach had occurred after someone used account credentials stolen from an employee.
“At this time, the unauthorised access appears to have been contained to the iiNet internal ordering system, which is used to create and track orders for iiNet services, such as NBN connections,” it stated.
“Upon confirmation of the incident, we acted quickly to remove the unauthorised access to the system.
“We are making direct contact with affected customers to inform them of this incident and to provide support and guidance on what to do next. We will also contact all non-impacted iiNet customers to confirm they have not been affected.”
iiNet acquired Canberra company TransACT for $60 million in 2011. iiNet was then bought by TPG Telecom in 2015 for $1.56 billion.
Customers have been urged to remain vigilant, especially to any suspicious phone calls, emails or texts.
The Australian Cyber Security Centre (ACSC), the National Office of Cyber Security (NOCS), the Australian Signals Directorate (ASD), the Office of the Australian Information Commissioner (OAIC) and other relevant authorities have all been notified in response to this incident.
TPG Telecom has set up a dedicated hotline for people to voice their concerns: 1300 861 036. An information page has also been established to provide updates about the incident.
Those in doubt about any communications have been advised to contact iiNet directly or seek independent advice from trusted sources, including the Australian Cyber Security Centre.