On Saturday from Australia, news broke that TPG Telecom Limited subsidiary, iiNet, suffered a significant cyber attack. This breach exposed the personal information of approximately 280,000 customers. In addition, a third party had broken into iiNet’s systems. To do this, they stole account credentials belonging to one of TPG’s employees. This incident raises questions about the security practices at one of Australia’s biggest ISPs.
In the immediate aftermath of the attack, TPG wasted no time giving iiNet’s customers and shareholders the bad news on Tuesday morning. In disclosures regarding the breach, the company admitted that sensitive information had been stolen from their systems. This included even more sensitive information such as active email addresses, landline phone numbers, usernames, street addresses and modem setup passwords. In particular, the attackers made off with 280,000 email addresses and 20,000 landline phone numbers from iiNet’s order management database. In addition, nearly 10,000 user screen names and street addresses were exposed, as well as 1,700 modem configuration passwords.
“The cyber attack on iiNet has raised alarms about customer data safety,” a TPG spokesperson stated. “We unreservedly apologise to our iiNet customers impacted by this incident.”
Investigators determined that the hackers had infiltrated iiNet’s physical infrastructure. They took advantage of stolen credentials from an employee at TPG, iiNet’s parent company. This brings attention to the likelihood of and potential vulnerability with employee security protocol that need to be re-evaluated.
In response to the breach, TPG stated that it would implement a number of actions to better support its impacted customers. “We will be taking immediate steps to contact impacted iiNet customers, advise of any actions they should take and offer our assistance,” the spokesperson added. In addition, TPG will be contacting unaffected iiNet customers to provide assurances about the safety of their data.
As Australia’s second-largest internet service provider, this crash landing raises serious questions about whether iiNet’s promises to protect your data mean anything. The company faces challenges in restoring trust with its user base in the wake of such a significant security breach.
