TPG Telecom (iiNet)

TPG Telecom, the parent company of Australia’s second-largest ISP iiNet, suffered a major data breach after an unknown third party gained unauthorized access to its order management system using stolen employee credentials. The breach, discovered on 16 August 2025, exposed limited but sensitive customer data, including:

- 280,000 active email addresses
- 20,000 landline phone numbers
- 10,000 usernames, street addresses, and phone numbers
- 1,700 modem setup passwords
- An unspecified number of inactive email addresses and landline numbers

While no financial data (credit cards, identity documents) was compromised, the breach involved personal and contact details, raising risks of phishing, spam, and targeted scams. TPG Telecom engaged external cybersecurity experts, notified regulatory bodies (ACSC, OAIC, ASD), and contained the breach by revoking unauthorized access.

The incident highlights vulnerabilities from credential theft, possibly linked to infostealer malware, a growing threat in Australia. Authorities were alerted as part of compliance with Australia’s Cyber Security Act (2024) and broader efforts under the 2023-2030 Cyber Security Strategy to mitigate such risks.

Source: https://www.infosecurity-magazine.com/news/aussie-isp-iinet-breach-280000/

TPRM report: https://www.rankiteo.com/company/tpg-telecom

"id": "tpg619081925",
"linkid": "tpg-telecom",
"type": "Breach",
"date": "6/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Hundreds of thousands (exact '
                                              'number unspecified, but at '
                                              'least 280,000 email addresses '
                                              'exposed)',
                        'industry': 'Telecommunications',
                        'location': 'Australia',
                        'name': 'iiNet (Subsidiary of TPG Telecom)',
                        'size': 'Large (Second-largest ISP in Australia)',
                        'type': 'Internet Service Provider (ISP)'}],
 'attack_vector': ['Stolen Credentials (Employee Account)',
                   'Potential Infostealer Malware'],
 'customer_advisories': ['Customers with exposed data likely notified '
                         '(implied)'],
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': '~311,700 (active records) + '
                                              'unspecified inactive records',
                 'personally_identifiable_information': ['Email Addresses',
                                                         'Phone Numbers',
                                                         'Street Addresses',
                                                         'Usernames'],
                 'sensitivity_of_data': 'Low to Moderate (no '
                                        'financial/identity documents)',
                 'type_of_data_compromised': ['Email Addresses',
                                              'Landline Phone Numbers',
                                              'Usernames',
                                              'Street Addresses',
                                              'Modem Set-up Passwords']},
 'date_detected': '2025-08-16',
 'date_publicly_disclosed': '2025-08-16',
 'description': 'Australia’s second-largest internet service provider (ISP), '
                'TPG Telecom, revealed a major data breach impacting hundreds '
                'of thousands of customers. An unknown third party gained '
                'unauthorized access to an order management system at '
                'subsidiary iiNet using stolen employee credentials. The '
                'breach was discovered on 16 August 2025, and the incident '
                'response plan was activated immediately. External IT and '
                'cybersecurity experts were engaged to assist with containment '
                'and investigation. While no financial or identity documents '
                'were compromised, the breach exposed 280,000 active email '
                'addresses, 20,000 landline phone numbers, 10,000 '
                'usernames/street addresses/phone numbers, and 1,700 modem '
                'set-up passwords, along with an unspecified number of '
                'inactive records. Authorities, including the ACSC, NOCS, '
                'ASD, and OAIC, were notified. The method of credential '
                'theft remains unclear, though infostealer malware is '
                'suspected.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'exposure of customer data',
            'data_compromised': ['280,000 active iiNet email addresses',
                                 '20,000 active iiNet landline phone numbers',
                                 '10,000 iiNet usernames, street addresses, '
                                 'and phone numbers',
                                 '1,700 modem set-up passwords',
                                 'Unspecified number of inactive email '
                                 'addresses and landline numbers'],
            'identity_theft_risk': 'Low (no financial/identity documents '
                                   'compromised)',
            'operational_impact': 'Incident response activation, external '
                                  'expert engagement, system access removal',
            'payment_information_risk': 'None (no credit card or financial '
                                        'data exposed)',
            'systems_affected': ['iiNet Order Management System']},
 'initial_access_broker': {'entry_point': 'Stolen Employee Credentials (iiNet '
                                          'Order Management System)',
                           'high_value_targets': ['Customer PII (email '
                                                  'addresses, phone numbers, '
                                                  'usernames)']},
 'investigation_status': 'Ongoing (early investigations suggest stolen '
                         'credentials)',
 'post_incident_analysis': {'root_causes': ['Compromised Employee Credentials '
                                            '(potential infostealer malware)']},
 'ransomware': {'data_exfiltration': True},
 'references': [{'date_accessed': '2025-08-16',
                 'source': 'TPG Telecom ASX Announcement'},
                {'source': 'Australian Cyber Security Strategy (2023-2030)'},
                {'source': 'Cyber Security Act (2024, Australia)'},
                {'source': 'Infostealer Malware Study (2021-2025)'}],
 'regulatory_compliance': {'regulatory_notifications': ['Australian Cyber '
                                                        'Security Centre '
                                                        '(ACSC)',
                                                        'National Office of '
                                                        'Cyber Security (NOCS)',
                                                        'Australian Signals '
                                                        'Directorate (ASD)',
                                                        'Office of the '
                                                        'Australian '
                                                        'Information '
                                                        'Commissioner (OAIC)']},
 'response': {'communication_strategy': ['Notified Australian Securities '
                                         'Exchange (ASX)',
                                         'Contacted affected customers '
                                         '(implied)',
                                         'Engaged with regulatory authorities '
                                         '(ACSC, NOCS, ASD, OAIC)'],
              'containment_measures': ['Removed unauthorized access to the '
                                       'system'],
              'incident_response_plan_activated': True,
              'third_party_assistance': ['External IT Experts',
                                         'Cybersecurity Experts']},
 'stakeholder_advisories': ['Notified Australian Securities Exchange (ASX)',
                            'Engaged regulatory authorities'],
 'threat_actor': 'Unknown Third Party',
 'title': "Major Data Breach at TPG Telecom's Subsidiary iiNet",
 'type': ['Data Breach', 'Unauthorized Access'],
 'vulnerability_exploited': 'Weak or Compromised Employee Credentials'}