TPG Telecom, an Australian telecommunications provider, suffered a cyberattack in which an unauthorized third party accessed its **iiNet order management system** using stolen employee credentials. The breach exposed sensitive customer data, including **280,000 active iiNet email addresses, 20,000 landline phone numbers, 10,000 user names, residential addresses, and 1,700 modem set-up passwords**. While no financial or identity documents were compromised, the stolen data could enable highly targeted **phishing, voice scams, and malware/ransomware attacks** via vulnerable modems, potentially leading to identity theft, wire fraud, or further account takeovers. The company described the attack as 'limited' but acknowledged the risk of downstream fraud. No evidence of misuse has been detected yet, but impacted customers are being notified as a precaution.
TPRM report: https://www.rankiteo.com/company/tpg-telecom
"id": "tpg710082325",
"linkid": "tpg-telecom",
"type": "Breach",
"date": "8/2025",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '311,700 (280,000 email '
'addresses + 20,000 landline '
'numbers + 10,000 PII records + '
'1,700 modem passwords)',
'industry': 'Telecommunications',
'location': 'Australia',
'name': 'TPG Telecom (iiNet sub-brand)',
'size': 'Large (major provider)',
'type': 'Telecommunications provider'}],
'attack_vector': ['stolen credentials', 'compromised employee account'],
'customer_advisories': ['Advice on protective actions provided to impacted '
'customers'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 311700,
'personally_identifiable_information': True,
'sensitivity_of_data': 'Moderate to high (PII enabling '
'targeted phishing and fraud)',
'type_of_data_compromised': ['email addresses',
'landline phone numbers',
'contact names',
'residential addresses',
'modem set-up passwords']},
'date_detected': '2024-08-16',
'date_publicly_disclosed': '2024-08-16',
'description': 'TPG Telecom, a major Australian telecommunications provider, '
'suffered a cyberattack where an unauthorized third party '
'accessed its iiNet order management system using stolen '
'employee credentials. The breach resulted in the exfiltration '
'of sensitive customer data, including email addresses, phone '
'numbers, residential addresses, and modem set-up passwords. '
'Approximately 280,000 active iiNet email addresses, 20,000 '
'landline phone numbers, 10,000 user names/addresses/phone '
'numbers, and 1,700 modem passwords were compromised. The '
'incident was detected on August 16, and the company is '
'investigating while notifying affected customers.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'large-scale customer data exposure',
'data_compromised': ['iiNet email addresses (280,000)',
'iiNet landline phone numbers (20,000)',
'user names, street addresses, and phone '
'numbers (10,000)',
'modem set-up passwords (1,700)'],
'identity_theft_risk': 'High (due to exposed PII enabling '
'phishing, voice scams, and '
'malware/ransomware attacks)',
'operational_impact': 'Limited (internal order management system '
'only)',
'payment_information_risk': 'None (no credit card or banking '
'details compromised)',
'systems_affected': ['iiNet order management system']},
'initial_access_broker': {'entry_point': 'Stolen employee account credentials',
'high_value_targets': ['iiNet order management '
'system']},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'root_causes': ['Stolen employee credentials',
'Insufficient protection of '
'internal order management '
'system']},
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'The Register'},
{'date_accessed': '2024-08-16',
'source': 'TPG Telecom public statement (via Australian '
'Securities Exchange)'}],
'regulatory_compliance': {'regulatory_notifications': ['Australian Securities '
'Exchange']},
'response': {'communication_strategy': ['Public disclosure via Australian '
'Securities Exchange',
'Direct customer notifications',
'Apology statement'],
'incident_response_plan_activated': True,
'remediation_measures': ['Notifying impacted customers',
'Advising on protective actions',
'Confirming non-impacted customers']},
'stakeholder_advisories': ['Public apology issued',
'Customer notifications in progress'],
'threat_actor': 'Unidentified',
'title': 'TPG Telecom (iiNet) Cyberattack and Data Exfiltration',
'type': ['data breach', 'unauthorized access', 'credential theft'],
'vulnerability_exploited': 'Weak or stolen employee account credentials'}