Australian ISP iiNet (owned by TPG Telecom) confirmed a data breach after hackers used stolen employee credentials to access its order management system on 16 August 2025. The attack exposed 280,000 active email accounts, 20,000 landline numbers, 10,000 usernames, street addresses, and phone numbers, and 1,700 modem setup passwords. While no financial or identity documents were compromised, the leaked personal contact details pose risks for phishing, social engineering, and fraud. TPG disabled the compromised accounts, engaged external cybersecurity experts, and reported the incident to the Australian Cyber Security Centre, the National Office of Cyber Security, and the OAIC, indicating its severity. This marks the second major breach for TPG since 2022, following a prior email service hack. Customers were advised to reset passwords and monitor for suspicious activity. The breach aligns with a broader trend of cyberattacks on Australian telecoms, including the 2022 Optus breach affecting millions.
Source: https://hackread.com/australia-isp-iinet-data-breach-customer-accounts-stolen/
TPRM report: https://www.rankiteo.com/company/iinet
"id": "iin517082025",
"linkid": "iinet",
"type": "Breach",
"date": "6/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '280,000+ (email accounts) + '
'additional records',
'industry': 'Telecommunications',
'location': 'Australia',
'name': 'iiNet',
'type': 'Internet Service Provider (ISP)'},
{'industry': 'Telecommunications',
'location': 'Australia',
'name': 'TPG Telecom',
'type': 'Parent Company'}],
'attack_vector': ['Stolen Credentials', 'Compromised Employee Accounts'],
'customer_advisories': ['Change iiNet-related passwords (especially if '
'reused).',
'Beware of phishing emails/calls exploiting exposed '
'data.',
'Monitor accounts for suspicious activity.'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 311700,
'personally_identifiable_information': ['Names (via '
'usernames)',
'Addresses',
'Phone Numbers'],
'sensitivity_of_data': 'Moderate (No Financial/Payment Data, '
'but High Phishing Risk)',
'type_of_data_compromised': ['Email Addresses',
'Landline Numbers',
'Usernames',
'Street Addresses',
'Phone Numbers',
'Modem Setup Passwords']},
'date_detected': '2025-08-16',
'date_publicly_disclosed': '2025-08-16',
'description': 'Australian ISP iiNet (a subsidiary of TPG Telecom) confirmed '
'a data breach in its order management system, where hackers '
'used stolen employee credentials to access customer data. The '
'breach exposed 280,000 email accounts, 20,000 landline '
'numbers, 10,000 usernames/street addresses/phone numbers, and '
'1,700 modem setup passwords. No financial, identity, or '
'payment details were compromised, but the exposed contact '
'information poses risks for phishing and social engineering '
'attacks. TPG Telecom disabled compromised accounts, engaged '
'external security specialists, and notified regulatory bodies '
'(ACSC, National Office of Cyber Security, OAIC). This marks '
'the second breach for TPG since December 2022.',
'impact': {'brand_reputation_impact': ['Moderate (Second Breach Since 2022)',
'Potential Erosion of Trust'],
'data_compromised': ['280,000 email addresses (active iiNet '
'accounts)',
'20,000 landline numbers',
'10,000 usernames',
'10,000 street addresses',
'10,000 phone numbers',
'1,700 modem setup passwords'],
'identity_theft_risk': ['Low (No Financial/ID Documents Exposed)',
'Phishing Risk Elevated'],
'legal_liabilities': ['Potential Regulatory Scrutiny (OAIC, ACSC)'],
'operational_impact': ['Account Disruptions', 'Security Overhaul'],
'payment_information_risk': 'None',
'systems_affected': ['Order Management System']},
'initial_access_broker': {'entry_point': 'Stolen Employee Credentials',
'high_value_targets': ['Order Management System',
'Customer Contact Data']},
'investigation_status': 'Ongoing (External Specialists Involved)',
'lessons_learned': ['Importance of Multi-Factor Authentication (MFA) for '
'Employee Accounts',
'Need for Continuous Monitoring of Credential Theft Risks',
'Proactive Customer Communication to Mitigate Phishing '
'Risks'],
'motivation': ['Data Theft',
'Potential Phishing/Social Engineering Enablement'],
'post_incident_analysis': {'corrective_actions': ['Disabled Compromised '
'Accounts',
'Engaged External Security '
'Experts',
'Regulatory Coordination',
'Customer Notification '
'Campaign'],
'root_causes': ['Inadequate Credential Protection',
'Lack of MFA on Critical Systems']},
'ransomware': {'data_exfiltration': True},
'recommendations': ['Implement MFA for all employee and customer-facing '
'systems.',
'Conduct regular credential hygiene audits.',
'Enhance employee training on phishing and social '
'engineering.',
'Expand threat detection capabilities for order '
'management systems.',
'Provide customers with identity protection resources.'],
'references': [{'source': 'Hackread.com (Article on TPG 2022 Breach)'},
{'source': 'TPG Telecom Public Statement (2025-08-16)'},
{'source': 'Australian Cyber Security Centre (ACSC) Advisory'}],
'regulatory_compliance': {'regulatory_notifications': ['Australian Cyber '
'Security Centre '
'(ACSC)',
'National Office of '
'Cyber Security',
'Office of the '
'Australian '
'Information '
'Commissioner (OAIC)']},
'response': {'communication_strategy': ['Public Disclosure',
'Regulatory Notifications (ACSC, '
'OAIC)',
'Customer Advisories'],
'containment_measures': ['Disabled Compromised Accounts'],
'incident_response_plan_activated': True,
'recovery_measures': ['Customer Notifications',
'Security Resources Provided'],
'third_party_assistance': ['External Security Specialists']},
'stakeholder_advisories': ['Regulatory Bodies (ACSC, OAIC)',
'Impacted/Non-Impacted Customers'],
'title': 'iiNet Data Breach via Stolen Employee Credentials (2025)',
'type': ['Data Breach', 'Unauthorized Access'],
'vulnerability_exploited': 'Weak or Stolen Employee Credentials'}