iiNet, a broadband provider under TPG Telecom, has reported a significant data breach affecting potentially hundreds of thousands of customers. On 16 August, an “unknown third party” accessed iiNet’s order management system, which is used to manage customer orders. An internal investigation revealed that personal data from about 280,000 customers was compromised, including both active and inactive email addresses as well as landline phone numbers.
In addition to these details, another 10,000 accounts had user names, street addresses, and phone numbers accessed, along with over 1,700 modem setup passwords. However, iiNet assured that there was no breach involving credit card, banking, or financial information, nor were driver’s licence details or other identification documents compromised.
The breach was reportedly facilitated through stolen account credentials belonging to an iiNet staff member. TPG Telecom’s CEO, Inaki Berroeta, extended an apology to affected customers and emphasised that the company is actively investigating the incident to fully understand the implications.
As part of its response, iiNet is in the process of contacting affected customers to notify them of the breach, apologise for the incident, and provide information about support available. The company also declared that it is enhancing security measures within its operations and has engaged an incident response team to assist in remedying the situation.
Customers have been advised to remain vigilant and cautious of any unusual communications purporting to be from iiNet, as the company continues to navigate the repercussions of this cyberattack.