Vocus, the parent company of Australian telecom provider Dodo, confirmed a breach where cybercriminals gained unauthorized access to approximately 1,600 Dodo email accounts, leading to 34 unauthorized SIM swaps. The attackers exploited the compromised email accounts to perform SIM swaps, allowing them to intercept calls, SMS (including two-factor authentication codes), and potentially access other victim services. Vocus suspended email services for Dodo and iPrimus customers and restricted access for its enterprise brand, Commander, to contain the incident. Affected customers were required to reset passwords, and the company collaborated with IDCARE for identity and cyber support. While no financial data or large-scale customer records were explicitly mentioned as stolen, the breach enabled follow-on fraud risks via SIM hijacking, impacting both individual security and trust in the provider. Authorities were notified, and the company continues monitoring for further threats.
Source: https://ia.acs.org.au/article/2025/dodo--iprimus-data-breach-sees-email-and-sim-cards-hacked.html
TPRM report: https://www.rankiteo.com/company/vocus-communications
"id": "voc3262132102125",
"linkid": "vocus-communications",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1,600 (email accounts) + 34 '
'(SIM swaps)',
'industry': 'Telecommunications',
'location': 'Australia',
'name': 'Dodo',
'type': 'Telecommunications Provider'},
{'customers_affected': 'Limited impact (email services '
'operating as expected)',
'industry': 'Telecommunications',
'location': 'Australia',
'name': 'iPrimus',
'type': 'Telecommunications Provider'},
{'customers_affected': 'Email access restricted (no '
'confirmed breaches)',
'industry': 'Telecommunications',
'location': 'Australia',
'name': 'Commander',
'type': 'Enterprise Telecommunications Brand'},
{'industry': 'Telecommunications',
'location': 'Australia',
'name': 'Vocus (Parent Company)',
'size': 'One of the largest telcos in Australia '
'(behind Telstra, Optus, TPG)',
'type': 'Telecommunications Conglomerate'}],
'attack_vector': ['Compromised Email Accounts',
'Social Engineering (likely for SIM swaps)'],
'customer_advisories': ['Password reset required for Dodo email accounts',
'Contact Dodo at 1300 038 224 for assistance',
'IDCARE support offered'],
'data_breach': {'number_of_records_exposed': '1,600 (email accounts) + 34 '
'(SIM swaps)',
'personally_identifiable_information': ['Email Addresses',
'Phone Numbers '
'(linked to SIM '
'swaps)'],
'sensitivity_of_data': 'High (potential for identity theft '
'and fraud via 2FA interception)',
'type_of_data_compromised': ['Email Account Credentials',
'Mobile Account Information (for '
'SIM swaps)']},
'date_detected': '2024-10-17',
'date_publicly_disclosed': '2024-10-19',
'date_resolved': '2024-10-20',
'description': 'A breach of Australian telecommunications providers Dodo and '
'iPrimus resulted in the compromise of approximately 1,600 '
'Dodo email accounts, leading to unauthorized SIM swaps on 34 '
'Dodo Mobile accounts. Vocus, the parent company, detected '
'suspicious activity in their shared email system on 17 '
'October. Email services were temporarily suspended for Dodo '
'and iPrimus customers, and access was restricted for '
'Commander enterprise customers to contain the issue. Affected '
'customers were required to reset passwords, and Vocus '
'collaborated with IDCARE to provide identity and cyber '
'support. The incident is part of a broader trend of SIM swap '
'scams targeting Australian telcos.',
'impact': {'brand_reputation_impact': ['Potential loss of trust due to breach '
'and service disruption',
'Part of a broader trend of telco '
'breaches in Australia'],
'data_compromised': ['Email Account Credentials',
'Mobile Account Information (for SIM swaps)'],
'downtime': 'Email services suspended from 2024-10-18 to '
'2024-10-20 (approximately 2 days)',
'identity_theft_risk': 'High (due to SIM swaps enabling '
'interception of 2FA codes and personal '
'data)',
'operational_impact': ['Temporary suspension of email services',
'Password reset requirement for 1,600 Dodo '
'email accounts',
'SIM swaps reversed for 34 Dodo Mobile '
'accounts'],
'systems_affected': ['Dodo Email System',
'iPrimus Email System (limited impact)',
'Commander Enterprise Email (restricted '
'access)']},
'initial_access_broker': {'entry_point': ['Compromised Email System (shared '
'between Dodo and iPrimus)'],
'high_value_targets': ['Dodo Mobile Accounts (for '
'SIM swaps)']},
'investigation_status': 'Ongoing (as of 2024-10-19)',
'motivation': ['Financial Gain',
'Identity Theft',
'Fraud (e.g., intercepting 2FA codes)'],
'references': [{'date_accessed': '2024-10-19',
'source': 'Vocus Public Statement'},
{'source': 'Article on Dodo/iPrimus Breach (e.g., news '
'outlet)'}],
'regulatory_compliance': {'regulatory_notifications': ['Authorities notified '
'(unspecified which)']},
'response': {'communication_strategy': ['Public disclosure on 2024-10-19',
'Ongoing updates to customers',
'Apology for service disruption'],
'containment_measures': ['Progressive suspension of Dodo and '
'iPrimus email services',
'Restricted email access for Commander '
'customers',
'Password resets for affected Dodo '
'email accounts'],
'enhanced_monitoring': True,
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['Restoration of email services by '
'2024-10-20',
'Customer support for password resets'],
'remediation_measures': ['Reversing unauthorized SIM swaps for '
'34 Dodo Mobile accounts',
'Monitoring for further suspicious '
'activity'],
'third_party_assistance': ['IDCARE (identity and cyber support '
'service)']},
'stakeholder_advisories': ['Updates provided to customers',
'Collaboration with IDCARE for support'],
'title': 'Dodo and iPrimus Email and SIM Swap Breach',
'type': ['Data Breach', 'Unauthorized Access', 'SIM Swap Fraud']}