TPG (iiNet)

Australia’s second-largest internet provider, TPG (parent company of iiNet), suffered a data breach where an unauthorized third party accessed its order management system after stealing an employee’s credentials. The breach exposed ~280,000 active email addresses, ~20,000 landline phone numbers, ~10,000 user names/street addresses/phone numbers, and ~1,700 modem setup passwords. While no financial data (credit cards, banking details) or identity documents (passports, driver’s licenses) were compromised, the leaked personal information poses risks of phishing, fraud, and targeted scams. TPG delayed disclosure by four days before notifying affected customers, shareholders, and regulators (e.g., Australian Cyber Security Centre, OAIC). The company claimed no broader system impact but is investigating with external cybersecurity experts. Customers were advised to monitor for suspicious communications, and a dedicated hotline was established. The breach stems from employee credential theft, highlighting internal security vulnerabilities.

Source: https://www.abc.net.au/news/2025-08-19/iinet-reveals-details-accessed-by-cyber-criminal/105671974

TPRM report: https://www.rankiteo.com/company/tpg-telecom

"id": "tpg1016082025",
"linkid": "tpg-telecom",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '~311,700 (280,000 emails + '
                                              '20,000 landlines + 10,000 '
                                              'names/addresses + 1,700 '
                                              'passwords)',
                        'industry': 'telecommunications',
                        'location': 'Australia',
                        'name': 'iiNet',
                        'size': 'large (second-largest ISP in Australia)',
                        'type': 'internet service provider (ISP)'}],
 'attack_vector': ['credential theft',
                   'insider threat (stolen employee credentials)'],
 'customer_advisories': ['Vigilance against phishing/suspicious communications',
                         'Dedicated hotline for concerns'],
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': '~311,700',
                 'personally_identifiable_information': ['email addresses',
                                                         'phone numbers',
                                                         'street addresses',
                                                         'user names'],
                 'sensitivity_of_data': ['low to moderate (no financial or ID '
                                         'documents)'],
                 'type_of_data_compromised': ['personally identifiable '
                                              'information (PII)',
                                              'contact information',
                                              'authentication credentials '
                                              '(modem passwords)']},
 'date_detected': '2023-10-21T00:00:00+11:00',
 'date_publicly_disclosed': '2023-10-24T00:00:00+11:00',
 'description': "Australia's second-largest internet provider, iiNet (a "
                'subsidiary of TPG Telecom), suffered a data breach where an '
                'unknown third party gained unauthorized access to its order '
                'management system. The breach exposed approximately 280,000 '
                'active email addresses, 20,000 landline phone numbers, 10,000 '
                'user names, street addresses, phone numbers, and 1,700 modem '
                'set-up passwords. The third party accessed the system using '
                'stolen employee credentials. No financial or identity '
                'documents were compromised.',
 'impact': {'brand_reputation_impact': ['public apology issued',
                                        'media coverage'],
            'data_compromised': ['280,000 email addresses',
                                 '20,000 landline phone numbers',
                                 '10,000 user names',
                                 'street addresses',
                                 'phone numbers',
                                 '1,700 modem set-up passwords'],
            'identity_theft_risk': ['low (no ID documents exposed)',
                                    'modem passwords at risk'],
            'operational_impact': ['customer notifications',
                                   'hotline setup',
                                   'external cybersecurity assistance'],
            'payment_information_risk': 'none (no credit card or banking '
                                        'details exposed)',
            'systems_affected': ['iiNet order management system']},
 'initial_access_broker': {'entry_point': 'stolen employee credentials',
                           'high_value_targets': ['order management system']},
 'investigation_status': 'ongoing (external experts engaged)',
 'post_incident_analysis': {'root_causes': ['stolen employee credentials',
                                            'unauthorized access to order '
                                            'management system']},
 'ransomware': {'data_exfiltration': True},
 'recommendations': ['Customers advised to remain vigilant for suspicious '
                     'communications (email, text, phone calls)',
                     'Review and update authentication credentials (e.g., '
                     'modem passwords)'],
 'references': [{'date_accessed': '2023-10-24',
                 'source': 'AAP (Australian Associated Press)'},
                {'date_accessed': '2023-10-24',
                 'source': 'TPG Telecom ASX Statement'}],
 'regulatory_compliance': {'regulatory_notifications': ['Australian Cyber '
                                                        'Security Centre '
                                                        '(ACSC)',
                                                        'National Office of '
                                                        'Cyber Security',
                                                        'Office of the '
                                                        'Australian '
                                                        'Information '
                                                        'Commissioner (OAIC)']},
 'response': {'communication_strategy': ['public statement to Australian '
                                         'Securities Exchange (ASX)',
                                         'direct contact with impacted and '
                                         'non-impacted customers',
                                         'media advisory via AAP'],
              'containment_measures': ['unauthorized access removed from '
                                       'system'],
              'incident_response_plan_activated': True,
              'recovery_measures': ['customer notifications',
                                    'dedicated hotline for concerns'],
              'third_party_assistance': ['external IT experts',
                                         'external cybersecurity experts']},
 'stakeholder_advisories': ['Public apology issued to iiNet customers',
                            'Notifications to impacted and non-impacted '
                            'customers',
                            'ASX disclosure for shareholders'],
 'threat_actor': 'unknown third party',
 'title': 'iiNet Data Breach: Customer Email Addresses and Phone Numbers '
          'Compromised',
 'type': ['data breach', 'unauthorized access']}