TPG Telecom confirmed a cyberattack on its subsidiary **iiNet**, initiated via stolen credentials of a single employee, likely through phishing or infostealer malware. The breach was contained on **August 16**, with attackers expelled from the system. The incident compromised iiNet’s **order creation and tracking system**, exposing **limited personal information**, including:

- **280,000 active customer email addresses**
- **20,000 landline phone numbers**
- **10,000 customer usernames, street addresses, and phone numbers**
- **1,700 modem setup passwords**
- An undisclosed number of **inactive emails and phone numbers**.

TPG stated no evidence suggests broader system impact or ransomware involvement. The company is contacting affected customers to advise on protective measures and has apologized for the incident. iiNet serves as part of TPG’s portfolio, which includes **5.51M mobile** and **2.08M internet subscribers** across brands like Vodafone and Internode.

Source: https://www.theregister.com/2025/08/20/tpg_telecom_iinet_breach/
TPRM report: https://www.rankiteo.com/company/tpg-telecom
"id": "tpg826082025",
"linkid": "tpg-telecom",
"type": "Cyber Attack",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '~311,700 (active customers with '
'compromised data) + undisclosed '
'number of inactive customers',
'industry': 'Telecommunications',
'location': 'Australia',
'name': 'iiNet',
'type': 'Subsidiary'}],
'attack_vector': ['Stolen Credentials',
'Infostealer Malware',
'Phishing (suspected)'],
'customer_advisories': ['Actions for impacted customers to take (unspecified)',
'Assistance offered by TPG Telecom'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '~311,700 (active) + undisclosed '
'(inactive)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'Moderate (includes email addresses, '
'phone numbers, street addresses, and '
'modem passwords but no payment info)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Contact Information',
'Authentication Credentials '
'(modem setup passwords)']},
'date_publicly_disclosed': '2024-08-20',
'date_resolved': '2024-08-16',
'description': 'Aussie telco giant TPG Telecom confirmed a cyberattack at its '
'subsidiary iiNet, where stolen credentials of a single '
'employee led to unauthorized access. The incident was '
'contained on August 16, 2024, and the attackers were removed '
"from iiNet's systems. External help was engaged for cleanup. "
"The breach affected iiNet's order creation and tracking "
'system, exposing limited personal information, including '
'~280,000 active customer email addresses, 20,000 landline '
'phone numbers, 10,000 customer usernames, street addresses, '
'phone numbers, and ~1,700 modem setup passwords. An '
'undisclosed number of inactive email addresses and phone '
'numbers were also compromised. TPG Telecom is contacting '
'affected and non-affected customers and has no evidence of '
'broader system impact.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of customer data; public '
'apology issued',
'data_compromised': ['280,000 active customer email addresses',
'20,000 landline phone numbers',
'10,000 customer usernames',
'10,000 street addresses',
'10,000 phone numbers (additional)',
'1,700 modem setup passwords',
'Undisclosed number of inactive email '
'addresses and phone numbers'],
'identity_theft_risk': 'Moderate (exposed PII includes email '
'addresses, phone numbers, street '
'addresses, and modem passwords)',
'operational_impact': 'Contained to iiNet; no evidence of broader '
'system impact across TPG Telecom brands',
'systems_affected': ["iiNet's order creation and tracking system"]},
'initial_access_broker': {'entry_point': 'Stolen employee credentials (likely '
'via infostealer malware or '
'phishing)',
'high_value_targets': ["iiNet's order creation and "
'tracking system']},
'investigation_status': 'Ongoing (TPG Telecom has opened an investigation)',
'post_incident_analysis': {'root_causes': ['Compromised employee credentials',
'Likely infostealer malware or '
'phishing attack']},
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'The Register'}],
'regulatory_compliance': {'regulatory_notifications': ['Australian Securities '
'Exchange (ASE)']},
'response': {'communication_strategy': ['Public disclosure via Australian '
'Securities Exchange (ASE)',
'Direct customer outreach '
'(email/phone)',
'Public apology issued'],
'containment_measures': ['Attackers ousted from systems '
'(2024-08-16)',
'Isolation of affected systems (order '
'creation and tracking)'],
'incident_response_plan_activated': True,
'remediation_measures': ['External cleanup assistance engaged',
'Customer notifications (impacted and '
'non-impacted)'],
'third_party_assistance': True},
'stakeholder_advisories': ['Public apology to iiNet customers',
'Direct notifications to impacted and non-impacted '
'customers'],
'title': "Cyberattack on TPG Telecom's Subsidiary iiNet",
'type': ['Data Breach', 'Credential Theft'],
'vulnerability_exploited': 'Compromised Employee Credentials'}